header-logo
Suggest Exploit
vendor:
phpRPG
by:
Not mentioned
7.5
CVSS
HIGH
SQL Injection, Session Hijacking
89
CWE
Product Name: phpRPG
Affected Version From: 0.8.0
Affected Version To: 0.8.0
Patch Exists: NO
Related CWE: CVE-2007-5289
CPE: a:phprpg:phprpg:0.8.0
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
2007

phpRPG SQL Injection and Session Vulnerabilities

The SQL injection vulnerability and session vulnerability in phpRPG allow unauthorized users to steal sessions, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Upgrade to a patched version of phpRPG.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26884/info

phpRPG is prone to two vulnerabilities:

- An SQL-injection vulnerability
- A vulnerability that lets remote attackers gain access to sessions.

Exploiting these issues may allow an unauthorized user to steal sessions, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects phpRPG 0.8.0; other versions may also be affected. 

http://www.example.com/phpRPG-0.8.0/tmp/