CVE-2007-4522 Information

Description

Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php (b) navigation/delete_menu.php and (c) navigation/delete_item.php in admin/; the (2) menu_id (3) name (3) page_id and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1 name and url parameters to (f) admin/pages/do_new_page.php. NOTE: some vectors might be reachable through the url and name parameters to (g) admin/navigation/new_nav_item.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.

Reference

http://securityreason.com/securityalert/3058 http://www.freshervisions.com/ripe/articles/ripe-version-0.8.10/ http://www.securityfocus.com/archive/1/477320/100/0/threaded http://www.securityfocus.com/bid/25406 https://exchange.xforce.ibmcloud.com/vulnerabilities/36180 Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php (b) navigation/delete_menu.php and (c) navigation/delete_item.php in admin/; the (2) menu_id (3) name (3) page_id and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1 name and url parameters to (f) admin/pages/do_new_page.php. NOTE: some vectors might be reachable through the url and name parameters to (g) admin/navigation/new_nav_item.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.