CVE-2007-6375

bitweaver <= 2.0.0 - SQL Injection via sort_mode or highlight Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6375. PoCs published by Doz.

AI-analyzed exploit summary The provided text describes multiple input-validation vulnerabilities in Bitweaver, including SQL injection and XSS, but does not contain actual exploit code. It references a URL parameter vulnerable to SQL injection.

Description

Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Doz · textwebappsphp

https://www.exploit-db.com/exploits/30880

View Code ZIP pw:eip

The provided text describes multiple input-validation vulnerabilities in Bitweaver, including SQL injection and XSS, but does not contain actual exploit code. It references a URL parameter vulnerable to SQL injection.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Bitweaver 2.0.0 and prior

No auth needed

Prerequisites: Access to the vulnerable search endpoint

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources x_refsource_misc

http://www.hackerscenter.com/archive/view.asp?id=28129

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/484805/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3428

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/38943

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26801

Scores

EPSS 0.0100

EPSS Percentile 58.3%

Details

CWE

CWE-89

Status published

Products (5)

bitweaver/bitweaver 1.1.1_beta

bitweaver/bitweaver 1.2.1

bitweaver/bitweaver 1.3

bitweaver/bitweaver 1.3.1

bitweaver/bitweaver < 2.0.0

Published Dec 15, 2007

Tracked Since Feb 18, 2026