CVE-2007-4522

NONECVSS 0.0

0.0

Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php. NOTE: some vectors might be reachable through the url and name parameters to (g) admin/navigation/new_nav_item.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.

🔗 References (10)

cve@mitrehttp://securityreason.com/securityalert/3058
cve@mitrehttp://www.freshervisions.com/ripe/articles/ripe-version-0.8.10/
cve@mitrehttp://www.securityfocus.com/archive/1/477320/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/25406
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/36180
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3058
af854a3a-2127-422b-91ae-364da2661108http://www.freshervisions.com/ripe/articles/ripe-version-0.8.10/
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/477320/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25406
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/36180

Is Your Infrastructure Affected by CVE-2007-4522?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-4522

📅 Published

🔄 Last Modified

🔗 References (10)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-4522?