CVE-2007-4645

Published: Aug 31, 2007Modified: Apr 23, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108.

Affected (1)

Products: Nmdeluxe: Nmdeluxe

Nmdeluxe

1 product

Nmdeluxe

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nmdeluxe Nmdeluxe	Version 2.0.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://osvdb.org/36688

Source: cve@mitre.org

http://secunia.com/advisories/26652

Source: cve@mitre.org

http://www.securityfocus.com/bid/25488

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3014

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/36347

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4342

Source: cve@mitre.org

http://osvdb.org/36688