CVE-2007-4956

KwsPHP 1.0 - SQL Injection via pseudo Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-4956. PoCs published by s4mi.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in KwsPHP 1.0's stats module, specifically in the 'typenav' parameter. It performs a UNION-based SQL injection to extract admin credentials from the database when magic_quotes_gpc is disabled.

Description

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.

Exploits (3)

exploitdb WORKING POC VERIFIED
by s4mi · perlwebappsphp
https://www.exploit-db.com/exploits/4414

This exploit targets a SQL injection vulnerability in KwsPHP 1.0's stats module, specifically in the 'typenav' parameter. It performs a UNION-based SQL injection to extract admin credentials from the database when magic_quotes_gpc is disabled.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: KwsPHP 1.0
No auth needed
Prerequisites: magic_quotes_gpc must be disabled on the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by s4mi · perlwebappsphp
https://www.exploit-db.com/exploits/4413

This exploit targets a SQL injection vulnerability in KwsPHP v1.0's Member_Space module. It authenticates with provided credentials, then injects a malicious SQL query to extract admin credentials from the database.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: KwsPHP v1.0
Auth required
Prerequisites: Valid user credentials · magic_quotes_gpc disabled on the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by s4mi · perlwebappsphp
https://www.exploit-db.com/exploits/4412

This exploit targets a SQL injection vulnerability in KwsPHP 1.0's login.php, allowing an attacker to extract admin credentials when magic_quotes_gpc is disabled. It crafts a malicious POST request to dump the password hash from the users table.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: KwsPHP 1.0
No auth needed
Prerequisites: magic_quotes_gpc disabled · target running KwsPHP 1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36635
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4412
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4413
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36634
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4414
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36636
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25679
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26850
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37182
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37180

Scores

EPSS 0.0353
EPSS Percentile 87.8%

Details

CWE
CWE-89
Status published
Products (1)
kwsphp/kwsphp 1.0
Published Sep 18, 2007
Tracked Since Feb 18, 2026