VYPR
Unrated severityNVD Advisory· Published Feb 16, 2007· Updated Jun 16, 2026

CVE-2007-0971

CVE-2007-0971

Description

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Jupiter CMS/CMS2 versions
    cpe:2.3:a:jupiter_cms:jupiter_cms:1.1.5:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:jupiter_cms:jupiter_cms:1.1.5:*:*:*:*:*:*:*
    • (no CPE)range: = 1.1.5

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.