Description

SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.

Remediation

References

CVE-2007-4653

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2007-3856)

WordPress Plugin LiveSig 'wp-root' Parameter Remote File Include (0.4)

PHP-Fusion Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1806)

WordPress Plugin Widgets for SiteOrigin Security Bypass (1.4.2)

Oracle JRE CVE-2022-21248 Vulnerability (CVE-2022-21248)

Severity

High

Classification

CVE-2007-4653 CWE-138

Tags

Missing Update Known Vulnerabilities