CVE-2017-15970

PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpcityportal:phpcityportal:2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:15

Type Values Removed Values Added
References () https://packetstormsecurity.com/files/144440/PHP-CityPortal-2.0-SQL-Injection.html - Third Party Advisory, VDB Entry () https://packetstormsecurity.com/files/144440/PHP-CityPortal-2.0-SQL-Injection.html - Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/43089/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/43089/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2017-10-29 06:29

Updated : 2024-11-21 03:15


NVD link : CVE-2017-15970

Mitre link : CVE-2017-15970

CVE.ORG link : CVE-2017-15970


JSON object : View

Products Affected

phpcityportal

  • phpcityportal
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')