CVE-2007-4522 (CNNVD-200708-406)
中文标题:
Ripe Website管理器多个SQL注入漏洞
英文标题:
Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authen...
漏洞描述
中文描述:
Ripe Website Manager 0.8.9版本及其早期版本中存在多个SQL注入漏洞。远程验证用户可以借助一个或多个一下向量:(1)对(a) pages/delete_page.php, (b) navigation/delete_menu.php, 和 (c) admin/中的navigation/delete_item.php的 id参数; (2) menu_id, (3) name, (3) page_id, 和 (4)(d) admin/navigation/do_new_item.php中的url参数; (5)(e) admin/navigation/do_new_nav.php中的new_menuname参数;和(6)对(f) admin/pages/do_new_page.php的area1, name, 和url参数,执行任意SQL指令。 注意:一些向量可通过对(g) admin/navigation/new_nav_item.php的url和 name参数获得。
英文描述:
Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php. NOTE: some vectors might be reachable through the url and name parameters to (g) admin/navigation/new_nav_item.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| ripe_website_manager | ripe_website_manager | 0.8.4 | - | - |
cpe:2.3:a:ripe_website_manager:ripe_website_manager:0.8.4:*:*:*:*:*:*:*
|
| ripe_website_manager | ripe_website_manager | 0.8.9 | - | - |
cpe:2.3:a:ripe_website_manager:ripe_website_manager:0.8.9:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
exploitdb
exploitdb
cve.org
CVSS评分详情
AV:N/AC:M/Au:S/C:P/I:P/A:P
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2007-4522 |
2025-11-11 15:17:55 | 2025-11-11 07:32:46 |
| NVD | nvd_CVE-2007-4522 |
2025-11-11 14:52:12 | 2025-11-11 07:41:32 |
| CNNVD | cnnvd_CNNVD-200708-406 |
2025-11-11 15:08:58 | 2025-11-11 07:49:20 |
| EXPLOITDB | exploitdb_EDB-30518 |
2025-11-11 15:05:42 | 2025-11-11 08:25:33 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 5 -> 8
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> SQL注入
- cnnvd_id: 未提取 -> CNNVD-200708-406
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 6.0
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:S/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']