SQL Injection in OneCMS by OneCMS Inc.
CVE-2007-5016

Currently unrated

Key Information:

Vendor: Insane Visions
Status: Onecms
Vendor: CVE Published:; 20 September 2007

🔔 Create Insane Visions Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2007-5016?

A security flaw exists in OneCMS 2.4 that allows attackers to exploit the userreviews.php script. By injecting crafted SQL commands through the 'abc' parameter, unauthorized individuals can manipulate the underlying database. This vulnerability can lead to unauthorized data access, modification, or deletion, posing a serious risk to the integrity of the affected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-5016 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36705

vdb-entryx_refsource_XF

http://secunia.com/advisories/26902

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/37163

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 20, 2007
👾
Exploit known to exist
Sep 20, 2007
Vulnerability published
Sep 20, 2007
Vulnerability Reserved
Sep 20, 2007

CVE-2007-5016 Data

JSON