CVE-2007-2971

SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

Link	Resource
http://www.securityfocus.com/bid/24175	Exploit
http://secunia.com/advisories/25452	Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=120880332905213&w=2
http://marc.info/?l=bugtraq&m=120881500629066&w=2
http://osvdb.org/36317
http://www.vupen.com/english/advisories/2007/1961
https://exchange.xforce.ibmcloud.com/vulnerabilities/41927
https://exchange.xforce.ibmcloud.com/vulnerabilities/34529
https://www.exploit-db.com/exploits/3988

Configuration 1

cpe:2.3:a:greg_neustaetter:gcards:1.43:*:*:*:*:*:*:* cpe:2.3:a:greg_neustaetter:gcards:1.45:*:*:*:*:*:*:* cpe:2.3:a:greg_neustaetter:gcards:1.44:*:*:*:*:*:*:* cpe:2.3:a:greg_neustaetter:gcards:*:*:*:*:*:*:*:* cpe:2.3:a:greg_neustaetter:gcards:1.13:*:*:*:*:*:*:*

---

Published : 2007-06-01 01:30

Updated : 2017-10-19 01:30

---

NVD link : CVE-2007-2971

Mitre link : CVE-2007-2971

No products.

NVD-CWE-Other