CVE-2007-4956

KwsPHP - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.

Exploits (3)

exploitdb WORKING POC VERIFIED
by s4mi · perl · webapps · php
https://www.exploit-db.com/exploits/4414
exploitdb WORKING POC VERIFIED
by s4mi · perl · webapps · php
https://www.exploit-db.com/exploits/4413
exploitdb WORKING POC VERIFIED
by s4mi · perl · webapps · php
https://www.exploit-db.com/exploits/4412

Scores

EPSS 0.0195
EPSS Percentile 83.5%

Details

CWE
CWE-89
Status published
Products (1)
kwsphp/kwsphp 1.0
Published Sep 18, 2007
Tracked Since Feb 18, 2026