Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3127 — IBM Websphere Portal vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

10.9%

top 6.60%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Websphere Portal

Timeline

PublishedJun 19

Latest updateMay 1

Description

content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_portal1.0

🔴Vulnerability Details

GHSA

GHSA-wc6r-vh5v-h5gh: content↗2022-05-01

▶

CVEList

CVE-2007-3127: content↗2007-06-19

▶

💥Exploits & PoCs

Exploit-DB

WSPortal 1.0 - 'content.php' SQL Injection↗2007-06-18

▶