CVE-2007-3128: SQL Injection in IBM Websphere Portal

10 documents, 5 sources
Severity: 6.4 MEDIUM (NVD)
EPSS: 0.4% (top 37.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 19
Latest update: May 1

Description

SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-r2rm-h2qg-g2vc: SQL injection vulnerability in content (2022-05-01)
CVEList
CVE-2007-3128: SQL injection vulnerability in content (2007-06-19)

💥 Exploits & PoCs (1)

Exploit-DB
Rational Software Hidden Administrator 1.7 - Authentication Bypass (2007-05-19)

🔍 Detection Rules (6)

Suricata
ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page UPDATE (2010-07-30)
Suricata
ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page UNION SELECT (2010-07-30)
Suricata
ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page SELECT (2010-07-30)
Suricata
ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page ASCII (2010-07-30)
Suricata
ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page DELETE (2010-07-30)