Unrated severityNVD Advisory· Published Feb 16, 2007· Updated Jun 16, 2026
CVE-2007-0971
CVE-2007-0971
Description
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:jupiter_cms:jupiter_cms:1.1.5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:jupiter_cms:jupiter_cms:1.1.5:*:*:*:*:*:*:*
- (no CPE)range: = 1.1.5
Patches
Vulnerability mechanics
References
7- www.securityfocus.com/bid/22560nvdExploit
- mgsdl.free.fr/advisories/12070214.txtnvdVendor Advisory
- www.acid-root.new.fr/advisories/12070214.txtnvdVendor Advisory
- osvdb.org/33727nvd
- www.securityfocus.com/archive/1/460076/100/0/threadednvd
- www.securityfocus.com/archive/1/460100/100/0/threadednvd
- www.exploit-db.com/exploits/3310nvd
News mentions
0No linked articles in our index yet.