CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2824

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile37.73th
PublishedMay 22, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.

Affected Platforms (CPE)

πŸ“¦
Alstrasoft

E Friends

<= 4.21

References & Advisories

πŸ”— http://osvdb.org/38056
πŸ”— http://www.securityfocus.com/bid/24067
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/34400
πŸ”— https://www.exploit-db.com/exploits/3956
πŸ”— http://osvdb.org/38056
πŸ”— http://www.securityfocus.com/bid/24067
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/34400
πŸ”— https://www.exploit-db.com/exploits/3956

Related Vulnerabilities

CVE-2020-173639.9

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end ...

CVE-2017-10020009.8

Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by...

CVE-2017-165619.8

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection i...

CVE-2017-10000049.8

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Cou...