Unrated severityNVD Advisory· Published Sep 18, 2007· Updated Apr 23, 2026

CVE-2007-4956

Description

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.

Affected products

Kwsphp/Kwsphp
cpe:2.3:a:kwsphp:kwsphp:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

koogar.alorys-hebergement.com/kwsphp/index.phpnvd
osvdb.org/37180nvd
osvdb.org/37182nvd
secunia.com/advisories/26850nvd
www.securityfocus.com/bid/25679nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36634nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36635nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36636nvd
www.exploit-db.com/exploits/4412nvd
www.exploit-db.com/exploits/4413nvd
www.exploit-db.com/exploits/4414nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000