PT-2007-2940 · Unknown · Creative Files

Mehmet Ince

Published

2007-03-21

Updated

2017-10-11

CVE-2007-1556

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Creative Files version 1.2

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is exploited via the dlid parameter in the kommentare.php file.

Recommendations For Creative Files version 1.2, consider restricting access to the kommentare.php file or the dlid parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1556

Affected Products

Creative Files

PT-2007-2940 · Unknown · Creative Files

CVE-2007-1556

Related Identifiers

Affected Products

References · 5