Vulnerability Details CVE-2007-4056
SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.attrition.org/pipermail/vim/2007-July/001728.html
- http://www.securityfocus.com/bid/25135
- http://www.vupen.com/english/advisories/2007/2695
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35683
- https://www.exploit-db.com/exploits/4238
- http://www.attrition.org/pipermail/vim/2007-July/001728.html
- http://www.securityfocus.com/bid/25135
- http://www.vupen.com/english/advisories/2007/2695
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35683
- https://www.exploit-db.com/exploits/4238
Products affected by CVE-2007-4056
-
cpe:2.3:a:adult_directory:adult_directory:*