CVE-2007-2971

Greg Neustaetter Gcards < 1.46 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Silentz · phpwebappsphp

https://www.exploit-db.com/exploits/3988

View Code ZIP pw:eip

References (9)

[Mailing List] http://marc.info/?l=bugtraq&m=120880332905213&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=120881500629066&w=2

[Exploit, Vendor Advisory] http://secunia.com/advisories/25452

[Exploit] http://www.securityfocus.com/bid/24175

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34529

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41927

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3988

[Third Party Advisory, VDB Entry] http://osvdb.org/36317

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1961

Scores

EPSS 0.0200

EPSS Percentile 83.7%

Details

Status published

Products (5)

greg_neustaetter/gcards 1.13

greg_neustaetter/gcards 1.43

greg_neustaetter/gcards 1.44

greg_neustaetter/gcards 1.45

greg_neustaetter/gcards < 1.46

Published Jun 01, 2007

Tracked Since Feb 18, 2026