phpRPG SQL Injection and Session Vulnerabilities - exploit.company
vendor: phpRPG
by: Not mentioned
CVSS: 7.5 HIGH
SQL Injection, Session Hijacking
CWE: 89
Product Name: phpRPG
Affected Version From: 0.8.0
Affected Version To: 0.8.0
Patch Exists: NO
Related CWE: CVE-2007-5289
CPE: a:phprpg:phprpg:0.8.0
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
2007

phpRPG SQL Injection and Session Vulnerabilities

The SQL injection vulnerability and session vulnerability in phpRPG allow unauthorized users to steal sessions, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Upgrade to a patched version of phpRPG.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26884/info

phpRPG is prone to two vulnerabilities:

- An SQL-injection vulnerability
- A vulnerability that lets remote attackers gain access to sessions.

Exploiting these issues may allow an unauthorized user to steal sessions, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects phpRPG 0.8.0; other versions may also be affected. 

http://www.example.com/phpRPG-0.8.0/tmp/