PT-2007-2148 · Unknown · Free Lan In(Tra|Ter)Net Portal

Steven M. Christey

Published

2007-02-03

Updated

2017-07-29

CVE-2007-0695

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Free LAN In(tra|ter)net Portal (FLIP) versions prior to 1.0-RC3

Description The issue allows remote attackers to execute arbitrary SQL commands. It is mentioned that the escape sqlData, implode sql, and implode sqlIn functions are protection schemes, not the vulnerable functions.

Recommendations For versions prior to 1.0-RC3, update to version 1.0-RC3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive SQL commands until a patch is available.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2007-0695

Affected Products

Free Lan In(Tra|Ter)Net Portal

PT-2007-2148 · Unknown · Free Lan In(Tra|Ter)Net Portal

CVE-2007-0695

Weakness Enumeration

Related Identifiers

Affected Products

References · 6