PT-2007-7410 · Php · Php Zlink

Dnx

Published

2007-12-28

Updated

2017-09-29

CVE-2007-6578

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP ZLink version 0.3

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the id parameter.

Recommendations For PHP ZLink version 0.3, avoid using the id parameter in the go.php file until a fix is available. Consider validating and sanitizing user input to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2007-6578

Affected Products

Php Zlink

PT-2007-7410 · Php · Php Zlink

CVE-2007-6578

Weakness Enumeration

Related Identifiers

Affected Products

References · 5