CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-2824

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile37.73th
Published2007年5月22日
Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.

Affected Platforms (CPE)

📦
Alstrasoft

E Friends

<= 4.21

References & Advisories

🔗 http://osvdb.org/38056
🔗 http://www.securityfocus.com/bid/24067
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/34400
🔗 https://www.exploit-db.com/exploits/3956
🔗 http://osvdb.org/38056
🔗 http://www.securityfocus.com/bid/24067
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/34400
🔗 https://www.exploit-db.com/exploits/3956

相关漏洞威胁

CVE-2020-173639.9

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end ...

CVE-2017-10020009.8

Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by...

CVE-2017-165619.8

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection i...

CVE-2017-10000049.8

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Cou...