CVE-2007-4892 – SWSoft Plesk 8.2 - 'login.php3' PLESKSESSID Cookie SQL Injection
https://notcve.org/view.php?id=CVE-2007-4892
Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3. Múltiples vulnerabilidades de inyección SQL en SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, y 8.2.0 para Windows permiten a atacantes remotos ejecutar comandos SQL de su elección mediante una cookie PLESKSESSID en (1) login.php3 ó (2) auth.php3. • https://www.exploit-db.com/exploits/30577 http://kb.swsoft.com/en/2159 http://marc.info/?l=bugtraq&m=118960991517910&w=2 http://secunia.com/advisories/26741 http://www.osvdb.org/37009 http://www.securityfocus.com/bid/25646 https://exchange.xforce.ibmcloud.com/vulnerabilities/36580 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •