CVE-2007-2299

Frogss CMS < 0.7 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kacper · php · webapps · php
https://www.exploit-db.com/exploits/3731

Scores

EPSS 0.0134
EPSS Percentile 80.1%

Details

Status published
Products (1)
frogss/frogss_cms < 0.7
Published Apr 26, 2007
Tracked Since Feb 18, 2026