CVE-2007-2207

ripe_website_manager < 0.8.4 - SQL Injection via ripeformpost Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2207. PoCs published by John Martinelli.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Ripe Website Manager <= 0.8.4. It uses a crafted input field to inject malicious JavaScript, which executes when submitted.

Description

SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by John Martinelli · htmlwebappsphp

https://www.exploit-db.com/exploits/29877

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Ripe Website Manager <= 0.8.4. It uses a crafted input field to inject malicious JavaScript, which executes when submitted.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Ripe Website Manager <= 0.8.4

No auth needed

Prerequisites: A vulnerable instance of Ripe Website Manager with the contact form accessible

MITRE ATT&CK