CVE-2007-1172
Published 2007-03-02
Priority: P3 | 35 | medium | 6.4 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 1.04% (59.6th percentile)
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nukescripts | nukesentinel | <= 2.5.06 | — |
| nukescripts | nukesentinel | — | — |
GHSA
GHSA-57r6-xxgw-r7ww: SQL injection vulnerability in nukesentinel
ghsa_unreviewed·2022-05-01
CVE-2007-1172 [MEDIUM] GHSA-57r6-xxgw-r7ww: SQL injection vulnerability in nukesentinel
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
GHSA
GHSA-9g42-7prc-3pxw: nukesentinel
ghsa_unreviewed·2022-05-01·CVSS 6.4
CVE-2007-1493 [MEDIUM] GHSA-9g42-7prc-3pxw: nukesentinel
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
No detection rules found.
No writeups or analysis indexed.
http://attrition.org/pipermail/vim/2007-March/001429.html
http://secunia.com/advisories/24221
http://securityreason.com/securityalert/2341
http://www.securityfocus.com/archive/1/460599/100/0/threaded
https://www.exploit-db.com/exploits/3338