PT-2007-2505 · Design4Online · Design4Online Userpages2

Published

2007-02-22

·

Updated

2008-11-15

·

CVE-2007-1077

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Design4Online UserPages2 version 2.0
Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the art id parameter in the "page.asp" file.
Recommendations: For Design4Online UserPages2 version 2.0, avoid using the art id parameter in the affected page until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1077

Affected Products

Design4Online Userpages2