CVE-2007-5643
Lussumo Vanilla < 1.1.3 - SQL Injection
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Exploits (1)
References (7)
Scores
EPSS: 0.0095
EPSS Percentile: 76.4%
Details
CWE: CWE-89
Status: published
Products (1): lussumo/vanilla < 1.1.3
Published: Oct 23, 2007
Tracked Since: Feb 18, 2026