CVE-2007-4956 Information

Description

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module or (3) the typenav parameter to index.php in a browser aff action in the stats module.

Reference

http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29 http://osvdb.org/37180 http://osvdb.org/37182 http://secunia.com/advisories/26850 http://www.securityfocus.com/bid/25679 https://exchange.xforce.ibmcloud.com/vulnerabilities/36634 https://exchange.xforce.ibmcloud.com/vulnerabilities/36635 https://exchange.xforce.ibmcloud.com/vulnerabilities/36636 https://www.exploit-db.com/exploits/4412 https://www.exploit-db.com/exploits/4413 https://www.exploit-db.com/exploits/4414