Description
SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Affected products
- butterfat / phpesp1.3_final – 1.3_final
- butterfat / phpesp1.4_beta1 – 1.4_beta1
- butterfat / phpesp1.4_beta2 – 1.4_beta2
- butterfat / phpesp1.4_beta3 – 1.4_beta3
- butterfat / phpesp1.4_final – 1.4_final
- butterfat / phpesp1.5_final – 1.5_final
- butterfat / phpesp1.5_rc1 – 1.5_rc1
- butterfat / phpesp1.5_rc2 – 1.5_rc2
- butterfat / phpesp1.5_rc3 – 1.5_rc3
- butterfat / phpesp1.6.1_final – 1.6.1_final
- butterfat / phpesp1.6_final – 1.6_final
- butterfat / phpesp1.6_rc1 – 1.6_rc1
- butterfat / phpesp1.6_rc2 – 1.6_rc2
- butterfat / phpesp1.6_rc3 – 1.6_rc3
- butterfat / phpesp1.7 – 1.7
- butterfat / phpesp1.7.1 – 1.7.1
- butterfat / phpesp1.7.2 – 1.7.2
- butterfat / phpesp1.7.5 – 1.7.5
- butterfat / phpesp1.7.5_dev1 – 1.7.5_dev1
- butterfat / phpesp1.7.5_dev2 – 1.7.5_dev2
- butterfat / phpesp1.7.5_dev3 – 1.7.5_dev3
- butterfat / phpesp1.7_dev – 1.7_dev
- butterfat / phpesp1.7_rc1 – 1.7_rc1
References
- MISChttp://www.osvdb.org/20358
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/22905
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2005/2237
- MISChttp://cvs.sourceforge.net/viewcvs.py/phpesp/phpESP/docs/CHANGES?rev=.&content-type=text/plain
- MISChttp://www.securityfocus.com/bid/15232
- VENDOR_ADVISORYhttp://secunia.com/advisories/17333