PHCDownload search.php string Variable SQL Injection

{"id": "OSVDB:40191", "bulletinFamily": "software", "title": "PHCDownload search.php string Variable SQL Injection", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:28258](https://secuniaresearch.flexerasoftware.com/advisories/28258/)\n[Related OSVDB ID: 40190](https://vulners.com/osvdb/OSVDB:40190)\nOther Advisory URL: http://lostmon.blogspot.com/2007/12/xss-flaw-posible-sql-injection-in.html\n[CVE-2007-6670](https://vulners.com/cve/CVE-2007-6670)\nBugtraq ID: 27066\n", "published": "2007-12-28T00:00:00", "modified": "2007-12-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:40191", "reporter": "OSVDB", "references": [], "cvelist": ["CVE-2007-6670"], "type": "osvdb", "lastseen": "2017-04-28T13:20:36", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "4622f2762f7536810bb05dbb5685336e"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "3c02c1fe4a91182a59612267a2607c55"}, {"key": "href", "hash": "d73330a0d769910c6972c4e37dc5082e"}, {"key": "modified", "hash": "9f06faad2c63af74ccb0af0790fe0e15"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "9f06faad2c63af74ccb0af0790fe0e15"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "6dd65bc7fecd5414ae6dbcb05d313758"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "9073d181ad22c78ec77ffb4aeeb39c5349203ea5b40255561f8b4427fe478d3c", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [], "enchantments": {"vulnersScore": 3.7}}

{"result": {"cve": [{"id": "CVE-2007-6670", "type": "cve", "title": "CVE-2007-6670", "description": "SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.", "published": "2008-01-07T21:46:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6670", "cvelist": ["CVE-2007-6670"], "lastseen": "2016-09-03T09:56:12"}], "seebug": [{"id": "SSV-84314", "type": "seebug", "title": "PHCDownload 1.1 search.php string Parameter SQL Injection", "description": "Summary: \nIn PHCDownload 1.1.0 script search. php the presence of SQL injection vulnerabilities. A remote attacker may be by means of via a String parameter, to execute arbitrary SQL commands.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-84314", "cvelist": ["CVE-2007-6670"], "lastseen": "2016-07-28T02:44:02"}], "exploitdb": [{"id": "EDB-ID:30957", "type": "exploitdb", "title": "PHCDownload 1.1 - search.php string Parameter SQL Injection", "description": "PHCDownload 1.1 search.php string Parameter SQL Injection. CVE-2007-6670. Webapps exploit for php platform", "published": "2007-12-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/30957/", "cvelist": ["CVE-2007-6670"], "lastseen": "2016-02-03T13:31:22"}]}}