Vulnerability-Lookup

CVE-2007-1548 (GCVE-0-2007-1548)

Vulnerability from cvelistv5 – Published: 2007-03-20 22:00 – Updated: 2024-08-07 12:59

Summary

SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/23051	vdb-entryx_refsource_BID
	http://secunia.com/advisories/24561	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/1061	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.webwizguide.info/web_wiz_forums/Versio…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/463287/100…	mailing-listx_refsource_BUGTRAQ
	http://securityreason.com/securityalert/2456	third-party-advisoryx_refsource_SREASON
	http://osvdb.org/34344	vdb-entryx_refsource_OSVDB
	http://ifsec.blogspot.com/2007/03/web-wiz-forums-…	x_refsource_MISC

Date Public ?

2007-03-20 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "23051",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23051"
          },
          {
            "name": "24561",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24561"
          },
          {
            "name": "ADV-2007-1061",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1061"
          },
          {
            "name": "webwizforums-popupmember-sql-injection(33095)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt"
          },
          {
            "name": "20070320 Web Wiz Forums 8.05 (MySQL version) SQL Injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/463287/100/0/threaded"
          },
          {
            "name": "2456",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2456"
          },
          {
            "name": "34344",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34344"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "23051",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23051"
        },
        {
          "name": "24561",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24561"
        },
        {
          "name": "ADV-2007-1061",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1061"
        },
        {
          "name": "webwizforums-popupmember-sql-injection(33095)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt"
        },
        {
          "name": "20070320 Web Wiz Forums 8.05 (MySQL version) SQL Injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/463287/100/0/threaded"
        },
        {
          "name": "2456",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2456"
        },
        {
          "name": "34344",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34344"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "23051",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23051"
            },
            {
              "name": "24561",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24561"
            },
            {
              "name": "ADV-2007-1061",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1061"
            },
            {
              "name": "webwizforums-popupmember-sql-injection(33095)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095"
            },
            {
              "name": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt",
              "refsource": "CONFIRM",
              "url": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt"
            },
            {
              "name": "20070320 Web Wiz Forums 8.05 (MySQL version) SQL Injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/463287/100/0/threaded"
            },
            {
              "name": "2456",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2456"
            },
            {
              "name": "34344",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34344"
            },
            {
              "name": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html",
              "refsource": "MISC",
              "url": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1548",
    "datePublished": "2007-03-20T22:00:00.000Z",
    "dateReserved": "2007-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-07T12:59:08.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2007-1548",
      "date": "2026-04-20",
      "epss": "0.0183",
      "percentile": "0.82945"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.05\", \"matchCriteriaId\": \"D60452E2-7B96-44DC-B0BD-3C2C624F1E92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:5.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C570D39D-114E-41AB-A7A9-4389CA4D0735\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:5.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EEB8308-1A8C-4495-A5BD-6D6F321C84B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5F41195-D3B0-42E0-8490-8556EF939FBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBB04952-D7EA-411E-97EB-71CC9D0AA21E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_3:*:*:*:*:*:*\", \"matchCriteriaId\": \"381D4A63-E3D1-42D4-AE25-70523C1D7AEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_4:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC4FC5DE-F661-48A6-99DC-90BE1E6B683E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_5:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CA02A0D-82F6-4E7A-B77B-23C47E9AA15D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_6:*:*:*:*:*:*\", \"matchCriteriaId\": \"85865444-6F19-4A21-AD91-D572D2D0129E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"619FD257-B6FF-4E37-91E1-9C3CA3C6A4F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"658FB7FB-7003-4003-81AD-799F171DFC36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E211F91A-5255-4146-A270-ABC1A204AAE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15489B55-722E-4605-B0CB-EA0F4BEF422B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B933FD9C-2AE3-4E3E-A1DB-E23314D51FE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62605E2E-3720-45F6-8092-2BAEC548C10C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59FD4A03-EBC9-466B-9956-360C92F9B3C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9B0616C-DA43-4688-B396-1F7D915D8106\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D42135EA-E5B7-410C-AEA0-91E4D2BF9D0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D97A143D-043C-4F20-BA86-4102727A908B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44718687-CC3C-43A5-AAB3-784CC6F91489\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7433F60B-4BFC-434A-AF52-407547A9D5A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0CB2CC7-0C42-4CD3-BF15-E0CA57567B0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CF74835-B33A-465B-A28A-4D45EB900653\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64EF4588-262A-4064-8366-CDD692EEA4B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80330E0F-D686-4581-A2CF-A2E6F68B4C55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7796749E-58CA-49AC-BF5E-EE1075CE50E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:6.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF3473DF-F00F-4406-9D3E-6A8E0361E7B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7:beta_4:*:*:*:*:*:*\", \"matchCriteriaId\": \"177B6CF4-04C6-4096-9AB4-F99B282228D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5769B294-1CE5-4317-B408-573C040805B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6DBC28F-9E00-431E-9F66-F16482AC839A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9952614D-2E2C-4C29-92A4-897F2F1E324B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9DAD04A-724F-4E21-A1F9-86309D1B8FB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.5:beta_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8071F07-6618-4C80-8172-BEA24A2B5408\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"204A4546-BC27-4B85-8AF7-01C8B003625A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D631B87-1527-4976-A8A4-E33279561AA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.7a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34C76CAC-2854-4511-87FA-75946ABD81F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE8E9F96-EF9D-4EF6-9058-DA17E42928E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE3095A5-B7D0-4FCD-96AE-0F8B55398A9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5AC122B-1B97-4E51-9E0A-9C8DB4FDA23D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.51a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BB56D4-ADB2-4BED-825B-12A08BED0F7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FB93AA4-452F-4449-AB36-EA1AA4EB95F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.95:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE82C94C-7A5A-4CCD-93DE-B6766BB702E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:7.96:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AF3BD34-2F75-4165-982B-12F9B277FF06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB43F534-5ABD-467C-B960-76E7167ADA73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2BD800A-FD05-4049-AD60-9A63A229BE3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F882478C-0E32-4798-8A35-D04266D829E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"73326579-D007-4951-AD9F-65DB1A36D265\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD181851-0B7A-4397-866C-E352701E4E3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:8.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5907FDD-2642-4FC5-B91A-FF7E515B6422\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:8.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A52CF51A-C1AB-445E-9B73-ECE88BBAB817\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:8.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17A1F6D4-EE6E-43BE-8952-D66F0D0DAEBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webwizguide:web_wiz_forums:8.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3E1A3FA-C5E6-4F99-9CB2-1721353E06BC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\\\\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de inyecci\\u00f3n SQL en el archivo functions/functions_filters.asp en Web Wiz Forums anterior a la versi\\u00f3n 8.05a (versi\\u00f3n MySQL) no filtra apropiadamente ciertos caracteres en los comandos SQL, lo que permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de la secuencia \\\\\\\"\u0027 (barra invertida-comillas dobles), que se contraen en \\\\\u0027\u0027, como se muestra por medio del par\\u00e1metro name en forum/pop_up_member_search.asp.\"}]",
      "id": "CVE-2007-1548",
      "lastModified": "2024-11-21T00:28:35.553",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2007-03-20T22:19:00.000",
      "references": "[{\"url\": \"http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://osvdb.org/34344\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24561\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/2456\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/463287/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23051\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1061\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.webwizguide.info/web_wiz_forums/Version%20History.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33095\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://osvdb.org/34344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24561\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/2456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/463287/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23051\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1061\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.webwizguide.info/web_wiz_forums/Version%20History.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33095\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1548\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-20T22:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\\\\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n SQL en el archivo functions/functions_filters.asp en Web Wiz Forums anterior a la versi\u00f3n 8.05a (versi\u00f3n MySQL) no filtra apropiadamente ciertos caracteres en los comandos SQL, lo que permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de la secuencia \\\\\\\"\u0027 (barra invertida-comillas dobles), que se contraen en \\\\\u0027\u0027, como se muestra por medio del par\u00e1metro name en forum/pop_up_member_search.asp.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.05\",\"matchCriteriaId\":\"D60452E2-7B96-44DC-B0BD-3C2C624F1E92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:5.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C570D39D-114E-41AB-A7A9-4389CA4D0735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:5.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EEB8308-1A8C-4495-A5BD-6D6F321C84B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5F41195-D3B0-42E0-8490-8556EF939FBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBB04952-D7EA-411E-97EB-71CC9D0AA21E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"381D4A63-E3D1-42D4-AE25-70523C1D7AEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC4FC5DE-F661-48A6-99DC-90BE1E6B683E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CA02A0D-82F6-4E7A-B77B-23C47E9AA15D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"85865444-6F19-4A21-AD91-D572D2D0129E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"619FD257-B6FF-4E37-91E1-9C3CA3C6A4F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"658FB7FB-7003-4003-81AD-799F171DFC36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E211F91A-5255-4146-A270-ABC1A204AAE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15489B55-722E-4605-B0CB-EA0F4BEF422B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B933FD9C-2AE3-4E3E-A1DB-E23314D51FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62605E2E-3720-45F6-8092-2BAEC548C10C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59FD4A03-EBC9-466B-9956-360C92F9B3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B0616C-DA43-4688-B396-1F7D915D8106\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D42135EA-E5B7-410C-AEA0-91E4D2BF9D0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D97A143D-043C-4F20-BA86-4102727A908B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44718687-CC3C-43A5-AAB3-784CC6F91489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7433F60B-4BFC-434A-AF52-407547A9D5A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0CB2CC7-0C42-4CD3-BF15-E0CA57567B0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CF74835-B33A-465B-A28A-4D45EB900653\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64EF4588-262A-4064-8366-CDD692EEA4B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80330E0F-D686-4581-A2CF-A2E6F68B4C55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7796749E-58CA-49AC-BF5E-EE1075CE50E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:6.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF3473DF-F00F-4406-9D3E-6A8E0361E7B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7:beta_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"177B6CF4-04C6-4096-9AB4-F99B282228D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5769B294-1CE5-4317-B408-573C040805B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6DBC28F-9E00-431E-9F66-F16482AC839A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9952614D-2E2C-4C29-92A4-897F2F1E324B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DAD04A-724F-4E21-A1F9-86309D1B8FB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.5:beta_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8071F07-6618-4C80-8172-BEA24A2B5408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"204A4546-BC27-4B85-8AF7-01C8B003625A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D631B87-1527-4976-A8A4-E33279561AA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.7a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34C76CAC-2854-4511-87FA-75946ABD81F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE8E9F96-EF9D-4EF6-9058-DA17E42928E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE3095A5-B7D0-4FCD-96AE-0F8B55398A9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5AC122B-1B97-4E51-9E0A-9C8DB4FDA23D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.51a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BB56D4-ADB2-4BED-825B-12A08BED0F7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FB93AA4-452F-4449-AB36-EA1AA4EB95F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.95:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE82C94C-7A5A-4CCD-93DE-B6766BB702E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:7.96:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AF3BD34-2F75-4165-982B-12F9B277FF06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB43F534-5ABD-467C-B960-76E7167ADA73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2BD800A-FD05-4049-AD60-9A63A229BE3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F882478C-0E32-4798-8A35-D04266D829E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"73326579-D007-4951-AD9F-65DB1A36D265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD181851-0B7A-4397-866C-E352701E4E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:8.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5907FDD-2642-4FC5-B91A-FF7E515B6422\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:8.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52CF51A-C1AB-445E-9B73-ECE88BBAB817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:8.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17A1F6D4-EE6E-43BE-8952-D66F0D0DAEBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webwizguide:web_wiz_forums:8.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3E1A3FA-C5E6-4F99-9CB2-1721353E06BC\"}]}]}],\"references\":[{\"url\":\"http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://osvdb.org/34344\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24561\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2456\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/463287/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23051\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1061\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.webwizguide.info/web_wiz_forums/Version%20History.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33095\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://osvdb.org/34344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/463287/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.webwizguide.info/web_wiz_forums/Version%20History.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-1548

Vulnerability from fkie_nvd - Published: 2007-03-20 22:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html	Exploit
cve@mitre.org	http://osvdb.org/34344
cve@mitre.org	http://secunia.com/advisories/24561	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/2456	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/463287/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/23051	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1061	Vendor Advisory
cve@mitre.org	http://www.webwizguide.info/web_wiz_forums/Version%20History.txt
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33095
af854a3a-2127-422b-91ae-364da2661108	http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/34344
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24561	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2456	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/463287/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23051	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1061	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.webwizguide.info/web_wiz_forums/Version%20History.txt
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33095

Impacted products

Vendor	Product	Version
webwizguide	web_wiz_forums	*
webwizguide	web_wiz_forums	5.21
webwizguide	web_wiz_forums	5.22
webwizguide	web_wiz_forums	6
webwizguide	web_wiz_forums	6
webwizguide	web_wiz_forums	6
webwizguide	web_wiz_forums	6
webwizguide	web_wiz_forums	6
webwizguide	web_wiz_forums	6
webwizguide	web_wiz_forums	6.0
webwizguide	web_wiz_forums	6.10
webwizguide	web_wiz_forums	6.11
webwizguide	web_wiz_forums	6.12
webwizguide	web_wiz_forums	6.20
webwizguide	web_wiz_forums	6.21
webwizguide	web_wiz_forums	6.22
webwizguide	web_wiz_forums	6.23
webwizguide	web_wiz_forums	6.24
webwizguide	web_wiz_forums	6.25
webwizguide	web_wiz_forums	6.26
webwizguide	web_wiz_forums	6.27
webwizguide	web_wiz_forums	6.28
webwizguide	web_wiz_forums	6.29
webwizguide	web_wiz_forums	6.30
webwizguide	web_wiz_forums	6.32
webwizguide	web_wiz_forums	6.33
webwizguide	web_wiz_forums	6.34
webwizguide	web_wiz_forums	7
webwizguide	web_wiz_forums	7
webwizguide	web_wiz_forums	7.0
webwizguide	web_wiz_forums	7.01
webwizguide	web_wiz_forums	7.5
webwizguide	web_wiz_forums	7.5
webwizguide	web_wiz_forums	7.6
webwizguide	web_wiz_forums	7.7
webwizguide	web_wiz_forums	7.7a
webwizguide	web_wiz_forums	7.8
webwizguide	web_wiz_forums	7.9
webwizguide	web_wiz_forums	7.51
webwizguide	web_wiz_forums	7.51a
webwizguide	web_wiz_forums	7.92
webwizguide	web_wiz_forums	7.95
webwizguide	web_wiz_forums	7.96
webwizguide	web_wiz_forums	8
webwizguide	web_wiz_forums	8
webwizguide	web_wiz_forums	8
webwizguide	web_wiz_forums	8
webwizguide	web_wiz_forums	8.0
webwizguide	web_wiz_forums	8.01
webwizguide	web_wiz_forums	8.02
webwizguide	web_wiz_forums	8.03
webwizguide	web_wiz_forums	8.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60452E2-7B96-44DC-B0BD-3C2C624F1E92",
              "versionEndIncluding": "8.05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C570D39D-114E-41AB-A7A9-4389CA4D0735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB8308-1A8C-4495-A5BD-6D6F321C84B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "E5F41195-D3B0-42E0-8490-8556EF939FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "FBB04952-D7EA-411E-97EB-71CC9D0AA21E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_3:*:*:*:*:*:*",
              "matchCriteriaId": "381D4A63-E3D1-42D4-AE25-70523C1D7AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_4:*:*:*:*:*:*",
              "matchCriteriaId": "AC4FC5DE-F661-48A6-99DC-90BE1E6B683E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_5:*:*:*:*:*:*",
              "matchCriteriaId": "9CA02A0D-82F6-4E7A-B77B-23C47E9AA15D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_6:*:*:*:*:*:*",
              "matchCriteriaId": "85865444-6F19-4A21-AD91-D572D2D0129E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "619FD257-B6FF-4E37-91E1-9C3CA3C6A4F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "658FB7FB-7003-4003-81AD-799F171DFC36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E211F91A-5255-4146-A270-ABC1A204AAE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "15489B55-722E-4605-B0CB-EA0F4BEF422B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B933FD9C-2AE3-4E3E-A1DB-E23314D51FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "62605E2E-3720-45F6-8092-2BAEC548C10C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FD4A03-EBC9-466B-9956-360C92F9B3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9B0616C-DA43-4688-B396-1F7D915D8106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "D42135EA-E5B7-410C-AEA0-91E4D2BF9D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97A143D-043C-4F20-BA86-4102727A908B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "44718687-CC3C-43A5-AAB3-784CC6F91489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "7433F60B-4BFC-434A-AF52-407547A9D5A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0CB2CC7-0C42-4CD3-BF15-E0CA57567B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF74835-B33A-465B-A28A-4D45EB900653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "64EF4588-262A-4064-8366-CDD692EEA4B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "80330E0F-D686-4581-A2CF-A2E6F68B4C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "7796749E-58CA-49AC-BF5E-EE1075CE50E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:6.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF3473DF-F00F-4406-9D3E-6A8E0361E7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7:beta_4:*:*:*:*:*:*",
              "matchCriteriaId": "177B6CF4-04C6-4096-9AB4-F99B282228D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5769B294-1CE5-4317-B408-573C040805B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DBC28F-9E00-431E-9F66-F16482AC839A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "9952614D-2E2C-4C29-92A4-897F2F1E324B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DAD04A-724F-4E21-A1F9-86309D1B8FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.5:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "E8071F07-6618-4C80-8172-BEA24A2B5408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "204A4546-BC27-4B85-8AF7-01C8B003625A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D631B87-1527-4976-A8A4-E33279561AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "34C76CAC-2854-4511-87FA-75946ABD81F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE8E9F96-EF9D-4EF6-9058-DA17E42928E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE3095A5-B7D0-4FCD-96AE-0F8B55398A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5AC122B-1B97-4E51-9E0A-9C8DB4FDA23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.51a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BB56D4-ADB2-4BED-825B-12A08BED0F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB93AA4-452F-4449-AB36-EA1AA4EB95F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE82C94C-7A5A-4CCD-93DE-B6766BB702E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:7.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF3BD34-2F75-4165-982B-12F9B277FF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "AB43F534-5ABD-467C-B960-76E7167ADA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "F2BD800A-FD05-4049-AD60-9A63A229BE3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F882478C-0E32-4798-8A35-D04266D829E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1.1:*:*:*:*:*:*",
              "matchCriteriaId": "73326579-D007-4951-AD9F-65DB1A36D265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD181851-0B7A-4397-866C-E352701E4E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:8.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5907FDD-2642-4FC5-B91A-FF7E515B6422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:8.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52CF51A-C1AB-445E-9B73-ECE88BBAB817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:8.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A1F6D4-EE6E-43BE-8952-D66F0D0DAEBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webwizguide:web_wiz_forums:8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E1A3FA-C5E6-4F99-9CB2-1721353E06BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en el archivo functions/functions_filters.asp en Web Wiz Forums anterior a la versi\u00f3n 8.05a (versi\u00f3n MySQL) no filtra apropiadamente ciertos caracteres en los comandos SQL, lo que permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de la secuencia \\\"\u0027 (barra invertida-comillas dobles), que se contraen en \\\u0027\u0027, como se muestra por medio del par\u00e1metro name en forum/pop_up_member_search.asp."
    }
  ],
  "id": "CVE-2007-1548",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-20T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34344"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24561"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/2456"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/463287/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23051"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1061"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/2456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/463287/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-1548

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1548

Aliases

CVE-2007-1548

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1548",
    "description": "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp.",
    "id": "GSD-2007-1548"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1548"
      ],
      "details": "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp.",
      "id": "GSD-2007-1548",
      "modified": "2023-12-13T01:21:39.740954Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1548",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "23051",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23051"
          },
          {
            "name": "24561",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24561"
          },
          {
            "name": "ADV-2007-1061",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1061"
          },
          {
            "name": "webwizforums-popupmember-sql-injection(33095)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095"
          },
          {
            "name": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt",
            "refsource": "CONFIRM",
            "url": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt"
          },
          {
            "name": "20070320 Web Wiz Forums 8.05 (MySQL version) SQL Injection",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/463287/100/0/threaded"
          },
          {
            "name": "2456",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2456"
          },
          {
            "name": "34344",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/34344"
          },
          {
            "name": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html",
            "refsource": "MISC",
            "url": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:8.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.05",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:8.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.5:beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.95:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7:beta_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.96:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:8.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:8.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.51a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:7.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webwizguide:web_wiz_forums:6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1548"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html"
            },
            {
              "name": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt"
            },
            {
              "name": "23051",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/23051"
            },
            {
              "name": "24561",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24561"
            },
            {
              "name": "2456",
              "refsource": "SREASON",
              "tags": [
                "Exploit"
              ],
              "url": "http://securityreason.com/securityalert/2456"
            },
            {
              "name": "34344",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/34344"
            },
            {
              "name": "ADV-2007-1061",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1061"
            },
            {
              "name": "webwizforums-popupmember-sql-injection(33095)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095"
            },
            {
              "name": "20070320 Web Wiz Forums 8.05 (MySQL version) SQL Injection",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/463287/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:39Z",
      "publishedDate": "2007-03-20T22:19Z"
    }
  }
}

GHSA-PQ5V-FXJ9-PFM8

Vulnerability from github – Published: 2022-05-01 17:54 – Updated: 2022-05-01 17:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1548"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-20T22:19:00Z",
    "severity": "HIGH"
  },
  "details": "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"\u0027 (backslash double-quote quote) sequences, which are collapsed into \\\u0027\u0027, as demonstrated via the name parameter to forum/pop_up_member_search.asp.",
  "id": "GHSA-pq5v-fxj9-pfm8",
  "modified": "2022-05-01T17:54:40Z",
  "published": "2022-05-01T17:54:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1548"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095"
    },
    {
      "type": "WEB",
      "url": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/34344"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24561"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2456"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/463287/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23051"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1061"
    },
    {
      "type": "WEB",
      "url": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1548 (GCVE-0-2007-1548)

FKIE_CVE-2007-1548

GSD-2007-1548

GHSA-PQ5V-FXJ9-PFM8

Tags

Sightings

Nomenclature