cve/2007/CVE-2007-6127.md

CVE-2007-6127

Description

Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.

POC

Reference

• https://www.exploit-db.com/exploits/4655

Github

No PoCs found on GitHub currently.