Unrated severityNVD Advisory· Published Apr 26, 2007· Updated Apr 23, 2026

CVE-2007-2314

Description

Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected products

Crea Book/Crea Book
cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*
Range: <=1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24862nvdVendor Advisory
www.osvdb.org/34818nvd
www.osvdb.org/34819nvd
www.osvdb.org/34820nvd
www.osvdb.org/34821nvd
www.osvdb.org/34822nvd
www.osvdb.org/34823nvd
www.osvdb.org/34824nvd
www.osvdb.org/34825nvd
www.osvdb.org/34826nvd
www.osvdb.org/34827nvd
www.osvdb.org/34828nvd
www.osvdb.org/34829nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000