Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Net_portal_dynamic_system | Net_portal_dynamic_system | * | 5.10 (including) |
References
- http://secunia.com/advisories/24571
- http://securityreason.com/securityalert/2473
- http://www.attrition.org/pipermail/vim/2007-March/001460.html
- http://www.securityfocus.com/archive/1/463176/100/0/threaded
- http://secunia.com/advisories/24571
- http://securityreason.com/securityalert/2473
- http://www.attrition.org/pipermail/vim/2007-March/001460.html
- http://www.securityfocus.com/archive/1/463176/100/0/threaded