Sql injection

2007-03-2322:19:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.0%

JSON

Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.

CPENameOperatorVersion
net_portal_dynamic_systemle5.10

CPE	Name	Operator	Version
	net_portal_dynamic_system	le	5.10

References

secunia.com/advisories/24571

securityreason.com/securityalert/2473

www.attrition.org/pipermail/vim/2007-March/001460.html

www.securityfocus.com/archive/1/463176/100/0/threaded