What is the severity of CVE-2007-3127?

CVE-2007-3127 is considered a medium severity vulnerability due to its potential exposure of sensitive installation path information.

How do I fix CVE-2007-3127?

To fix CVE-2007-3127, ensure that the magic_quotes_gpc directive is enabled in your PHP configuration.

What software is affected by CVE-2007-3127?

CVE-2007-3127 affects IBM WebSphere Portal version 1.0.

What type of attack can exploit CVE-2007-3127?

CVE-2007-3127 can be exploited by remote attackers who use a specially crafted request to trigger a SQL error.

What information can be leaked due to CVE-2007-3127?

CVE-2007-3127 can leak sensitive information such as the installation path of the WebSphere Portal due to error messages.

Vulnerability/
CVE-2007-3127

medium

CWE

NVD-CWE-Other

19/6/2007

16/10/2018

CVE-2007-3127

First published: Tue Jun 19 2007(Updated: )

content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
IBM WebSphere Portal	=1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-3127?
CVE-2007-3127 is considered a medium severity vulnerability due to its potential exposure of sensitive installation path information.
How do I fix CVE-2007-3127?
To fix CVE-2007-3127, ensure that the magic_quotes_gpc directive is enabled in your PHP configuration.
What software is affected by CVE-2007-3127?
CVE-2007-3127 affects IBM WebSphere Portal version 1.0.
What type of attack can exploit CVE-2007-3127?
CVE-2007-3127 can be exploited by remote attackers who use a specially crafted request to trigger a SQL error.
What information can be leaked due to CVE-2007-3127?
CVE-2007-3127 can leak sensitive information such as the installation path of the WebSphere Portal due to error messages.

agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/ibm
canonical/ibm websphere portal
version/ibm websphere portal/1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.