CVE-2007-6579 Information

Description

Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php (2) vlanedit.php and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4.

Reference

http://osvdb.org/39776 http://osvdb.org/39777 http://osvdb.org/39778 http://osvdb.org/39779 http://osvdb.org/39780 http://www.inj3ct-it.org/exploit/ipreg0.3.txt http://www.securityfocus.com/bid/26993 https://www.exploit-db.com/exploits/4771