PT-2007-4411 · Wsportal · Wsportal
Jesper Jurcenoks
·
Published
2007-06-19
·
Updated
2018-10-16
·
CVE-2007-3128
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
WSPortal version 1.0
Description:
A SQL injection issue exists in the content.php file of WSPortal, allowing remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This is achieved by manipulating the
page parameter.Recommendations:
For WSPortal version 1.0, consider disabling the
content.php file or restricting access to it until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wsportal