SQL Injection Vulnerability in Zomplog Plugin by Zomplog
CVE-2007-2773

Currently unrated

Key Information:

Vendor: Zomplog
Status: Zomplog
Vendor: CVE Published:; 21 May 2007

What is CVE-2007-2773?

The Zomplog plugin, specifically in versions 3.8 and earlier, contains an SQL injection vulnerability in the mp3playlist.php file. This flaw allows remote attackers to exploit the 'speler' parameter, enabling them to execute arbitrary SQL commands on the database. Successful exploitation can lead to unauthorized data access or manipulation, posing significant risks to the integrity and confidentiality of the affected systems.

References

https://www.exploit-db.com/exploits/3955

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/24064

vdb-entryx_refsource_BID

http://osvdb.org/35017

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2007
Vulnerability Reserved
May 21, 2007

JSON