Unrated severityNVD Advisory· Published May 9, 2007· Updated Apr 23, 2026

CVE-2007-2537

Description

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.

Affected products

Npds/Npds
cpe:2.3:a:npds:npds:*:*:*:*:*:*:*:*
Range: <=5.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.aeroxteam.fr/exploit-NPDS-5.10.txtnvdExploit
www.securityfocus.com/bid/23831nvdExploit
osvdb.org/36195nvd
securityreason.com/securityalert/2670nvd
www.securityfocus.com/archive/1/467696/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/34109nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000