CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-2537

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.3%

CVSS Severity

CVSS v2 Score 6.5

References

http://osvdb.org/36195
http://securityreason.com/securityalert/2670
http://www.aeroxteam.fr/exploit-NPDS-5.10.txt
http://www.securityfocus.com/archive/1/467696/100/0/threaded
http://www.securityfocus.com/bid/23831
https://exchange.xforce.ibmcloud.com/vulnerabilities/34109
http://osvdb.org/36195
http://securityreason.com/securityalert/2670
http://www.aeroxteam.fr/exploit-NPDS-5.10.txt
http://www.securityfocus.com/archive/1/467696/100/0/threaded
http://www.securityfocus.com/bid/23831
https://exchange.xforce.ibmcloud.com/vulnerabilities/34109

Products affected by CVE-2007-2537

Npds » Npds » Version: Any

cpe:2.3:a:npds:npds:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-2537

Products

Pricing

Contact Us