ID CVE-2007-5999
Type cve
Reporter NVD
Modified 2017-09-28T21:29:46
Description
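SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. The CVSS v2 vector recorded below (AV:NETWORK/AC:LOW/Au:NONE, score 7.5) means the flaw is reachable over the network without authentication. The linked OSVDB entry attributes it to product_desc.php not properly sanitizing the user-supplied id value, so the remediation is to validate id as an integer and pass it to the database through a parameterized query. Requests to product_desc.php whose id value is not purely numeric are worth flagging in web-server logs. None of the references listed in this record is a vendor advisory, so whether a fixed release exists has to be confirmed with the vendor.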
{"id": "CVE-2007-5999", "bulletinFamily": "NVD", "title": "CVE-2007-5999", "description": "SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.", "published": "2007-11-15T17:46:00", "modified": "2017-09-28T21:29:46", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5999", "reporter": "NVD", "references": ["https://www.exploit-db.com/exploits/4617", "http://www.securityfocus.com/bid/26399", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38399"], "cvelist": ["CVE-2007-5999"], "type": "cve", "lastseen": "2017-09-29T14:25:36", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:softbizscripts:softbiz_auctions_script"], "cvelist": ["CVE-2007-5999"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.", "edition": 1, "enchantments": {}, "hash": "6219f6cd1bedca0ecfca8e46910bf86436dd30b316c5281a6c1d1a60c02b23b5", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "73e8445a1c43120b5a7a14a881eb1ea7", "key": "href"}, {"hash": "cab856d46d4f2eff95f956e6ffb3c19f", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "ad10d0fc14e37f3b04252f4636daefef", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "185e983aeb363e41f19be342326e4abd", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "ac866fe6e5a04785c7cee0638118467e", "key": "references"}, {"hash": 
"64b539d3b5cde60b9166a44e150b285f", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "b6edc112d5df2000b7af6f0670f690db", "key": "published"}, {"hash": "c54f6e2f6b987d9e98ca9af2fca4e1e9", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5999", "id": "CVE-2007-5999", "lastseen": "2016-09-03T09:46:20", "modified": "2008-09-05T17:32:08", "objectVersion": "1.2", "published": "2007-11-15T17:46:00", "references": ["http://www.milw0rm.com/exploits/4617", "http://www.securityfocus.com/bid/26399", "http://xforce.iss.net/xforce/xfdb/38399"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-5999", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:46:20"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:softbizscripts:softbiz_auctions_script"], "cvelist": ["CVE-2007-5999"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.", "edition": 2, "enchantments": {}, "hash": "aea299fd46f9b706fd1e4d2d0cbd3d95172cecb19ccef1e520c473918fd9f4c9", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "40b9112ba87d763c9fb157d90df25608", "key": "references"}, {"hash": "73e8445a1c43120b5a7a14a881eb1ea7", "key": "href"}, {"hash": "cab856d46d4f2eff95f956e6ffb3c19f", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "ad10d0fc14e37f3b04252f4636daefef", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "185e983aeb363e41f19be342326e4abd", "key": "title"}, {"hash": 
"1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6e0ca11f8a1d69f848f4446f30c55568", "key": "modified"}, {"hash": "64b539d3b5cde60b9166a44e150b285f", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "b6edc112d5df2000b7af6f0670f690db", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5999", "id": "CVE-2007-5999", "lastseen": "2017-07-29T11:22:21", "modified": "2017-07-28T21:33:58", "objectVersion": "1.3", "published": "2007-11-15T17:46:00", "references": ["http://www.milw0rm.com/exploits/4617", "http://www.securityfocus.com/bid/26399", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38399"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-5999", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-29T11:22:21"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "64b539d3b5cde60b9166a44e150b285f"}, {"key": "cvelist", "hash": "cab856d46d4f2eff95f956e6ffb3c19f"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "ad10d0fc14e37f3b04252f4636daefef"}, {"key": "href", "hash": "73e8445a1c43120b5a7a14a881eb1ea7"}, {"key": "modified", "hash": "1c3de1868542cd3ad9314d3a706ff9ac"}, {"key": "published", "hash": "b6edc112d5df2000b7af6f0670f690db"}, {"key": "references", "hash": "513a0da5628d417c84b00f5109cb2c9d"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "185e983aeb363e41f19be342326e4abd"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "84af99dfb6dbe3d43143158dde5f77d5baa33bc579a73e97a259e98e867915d1", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": 
["cpe:/a:softbizscripts:softbiz_auctions_script"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"exploitdb": [{"id": "EDB-ID:4617", "type": "exploitdb", "title": "Softbiz Auctions Script product_desc.php Remote SQL Injection Vuln", "description": "Softbiz Auctions Script product_desc.php Remote SQL Injection Vuln. CVE-2007-5999. Webapps exploit for php platform", "published": "2007-11-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4617/", "cvelist": ["CVE-2007-5999"], "lastseen": "2016-01-31T21:21:18"}], "osvdb": [{"id": "OSVDB:39733", "type": "osvdb", "title": "Softbiz Auctions Script product_desc.php id Variable SQL Injection", "description": "## Vulnerability Description\nSoftbiz Auctions Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'product_desc.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/product_desc.php?id=999999%20union/**/select/**/0,1,admin_name,3,4,5,6,7,8,9,10,pwd,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/from/**/sbauctions_admin/*\n## References:\nVendor URL: http://www.softbizscripts.com/auctions-script-features.php\nISS X-Force ID: 38399\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4617\n[CVE-2007-5999](https://vulners.com/cve/CVE-2007-5999)\nBugtraq ID: 26399\n", "published": "2007-11-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:39733", "cvelist": ["CVE-2007-5999"], "lastseen": "2017-04-28T13:20:35"}]}}