CVE

Id
24991  
CVE No.
CVE-2007-1634  
Status
Candidate  
Description
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.  
Phase
Assigned (20070323)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
248088 24991 CVE-2007-1634 BUGTRAQ:20070318 Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution 0day  View
248089 24991 CVE-2007-1634 URL:http://www.securityfocus.com/archive/1/archive/1/463176/100/0/threaded  View
248090 24991 CVE-2007-1634 VIM:20070323 Root cause of NPDS SQL injection is variable extraction/evaluation  View
248091 24991 CVE-2007-1634 URL:http://www.attrition.org/pipermail/vim/2007-March/001460.html  View
248092 24991 CVE-2007-1634 SECUNIA:24571  View
248093 24991 CVE-2007-1634 URL:http://secunia.com/advisories/24571  View
248094 24991 CVE-2007-1634 SREASON:2473  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
56613 JVNDB-2007-005305 RoseOnlineCMS の index.php におけるディレクトリトラバーサルの脆弱性 RoseOnlineCMS の index.php には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2007-1636 24991 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005305.html  View