CVE-2007-2537

NPDS <5.10 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gu1ll4um3r0m41n · phpwebappsphp

https://www.exploit-db.com/exploits/3855

View Code ZIP pw:eip

References (6)

[Exploit] http://www.aeroxteam.fr/exploit-NPDS-5.10.txt

[Exploit] http://www.securityfocus.com/bid/23831

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/467696/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34109

[Third Party Advisory, VDB Entry] http://osvdb.org/36195

[Third Party Advisory] http://securityreason.com/securityalert/2670

Scores

EPSS 0.0074

EPSS Percentile 73.0%

Details

Status published

Products (1)

npds/npds < 5.10

Published May 09, 2007

Tracked Since Feb 18, 2026