CVE-2007-5630

Description

SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.10 through 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a tnews action.

Affected products

• bbsprocess / bbportals1.5.10 – 1.5.10
• bbsprocess / bbportals1.5.11 – 1.5.11
• bbsprocess / bbportals1.6.2 – 1.6.2
• bbsprocess / bbportals2.0 – 2.0

References

• MISChttp://www.securityfocus.com/bid/26149
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/37346
• EXPLOIThttps://www.exploit-db.com/exploits/4550