CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-1254

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile2.20th
Published2007年3月3日
Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.

Affected Platforms (CPE)

📦
Connectix

Connectix Boards

= 0.4
📦
Connectix

Connectix Boards

= 0.4.1
📦
Connectix

Connectix Boards

= 0.4.2
📦
Connectix

Connectix Boards

= 0.4.3
📦
Connectix

Connectix Boards

= 0.4.4
📦
Connectix

Connectix Boards

= 0.5
📦
Connectix

Connectix Boards

= 0.5.1
📦
Connectix

Connectix Boards

= 0.5.2
📦
Connectix

Connectix Boards

= 0.5.3
📦
Connectix

Connectix Boards

= 0.5.4
📦
Connectix

Connectix Boards

= 0.5.5
📦
Connectix

Connectix Boards

= 0.6
📦
Connectix

Connectix Boards

= 0.6.1
📦
Connectix

Connectix Boards

= 0.7

References & Advisories

🔗 http://osvdb.org/33537
🔗 http://secunia.com/advisories/24255
🔗 http://securityreason.com/securityalert/2364
🔗 http://www.securityfocus.com/archive/1/460947/100/0/threaded
🔗 https://www.exploit-db.com/exploits/3352
🔗 http://osvdb.org/33537
🔗 http://secunia.com/advisories/24255
🔗 http://securityreason.com/securityalert/2364

相关漏洞威胁

CVE-2008-05027.5

PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows re...

CVE-2007-12556.0

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated adminis...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-104510.0

mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote atta...