VYPR
Unrated severityNVD Advisory· Published May 9, 2007· Updated Jun 16, 2026

CVE-2007-2537

CVE-2007-2537

Description

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Npds/Npds2 versions
    cpe:2.3:a:npds:npds:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:npds:npds:*:*:*:*:*:*:*:*range: <=5.10
    • (no CPE)range: <=5.10

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.