PT-2007-7024 · Softbiz · Softbiz Freelancers Script

Ircrash

Published

2007-11-26

Updated

2017-09-29

CVE-2007-6125

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Softbiz Freelancers Script version 1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the sb protype parameter in the search form.php file.

Recommendations For Softbiz Freelancers Script version 1, consider restricting access to the search form.php file or the sb protype parameter to minimize the risk of exploitation. Avoid using the sb protype parameter in the affected file until the issue is resolved.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2007-6125

Affected Products

Softbiz Freelancers Script

PT-2007-7024 · Softbiz · Softbiz Freelancers Script

CVE-2007-6125

Weakness Enumeration

Related Identifiers

Affected Products

References · 7