EDB-4794
webappsphpVERIFIED
XZero Community Classifieds 4.95.11 - Local File Inclusion / SQL Injection
CVE-2007-6567CVE-2007-6566
Kw3[R]Ln12/26/2007
CVE-2007-6566
NONESQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
Published: 12/28/2007Updated: 4/9/2025
Description
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
AI AnalysisPowered by AI
Affected Products
xzero_scriptsxzero_community_classifieds
4.95.11
Available Exploits (1)
References
- http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst
- http://osvdb.org/39740
- http://secunia.com/advisories/28250
- http://www.securityfocus.com/archive/1/485545/100/0/threaded
- http://www.securityfocus.com/bid/27042Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39259
- https://www.exploit-db.com/exploits/4794
- http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst
- http://osvdb.org/39740
- http://secunia.com/advisories/28250
- http://www.securityfocus.com/archive/1/485545/100/0/threaded
- http://www.securityfocus.com/bid/27042Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39259
- https://www.exploit-db.com/exploits/4794