CVE-2007-2520
Published 2007-06-26
Priority: P336, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.10% (61.7th percentile)
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| frank_mancuso | mynews | — | — |
No detection rules found.
Exploit-DB
exploitdb·2015-09-16
CVE-2015-2520 Microsoft Office 2007 - BIFFRecord Length Use-After-Free
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=464
The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 1105668828_orig.xls
Crashing File: 1105668828_crash.xls
Minimized Crashing File: 1105668828_min.xls
The minimized crashing file shows two one-bit deltas from the original file. The first delta is at offset 0x1CF7E and the second is at offset 0x3A966. Both of these offsets appear to be BIFFRecord lengths.
File Versions:
Excel.exe: 12.0.6718.5000
MSO.dll: 12.0.6721.5000
Observed Crash:
eax=0000000
Exploit-DB
exploitdb·2007-06-25
CVE-2007-2520 MyNews 0.10 - AuthACC SQL Injection
---
source: https://www.securityfocus.com/bid/24621/info
MyNews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This issue affects MyNews 0.10; other versions may also be vulnerable.
To exploit this issue, modify the following cookie variable: authacc = "' OR `row_id`=1 UNION SELECT * FROM `sessions` WHERE '1%3A1%3A1%3A1%3AAdmin"
No writeups or analysis indexed.
References:
http://securityreason.com/securityalert/2834
http://www.netvigilance.com/advisory0025
http://www.osvdb.org/34274
http://www.securityfocus.com/archive/1/472203/100/0/threaded
http://www.securityfocus.com/bid/24621
https://exchange.xforce.ibmcloud.com/vulnerabilities/35049