QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-2079

Back to search

CVE-2007-2079

Published: Apr 18, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.

VendorProductVersions

n/a

n/a

affected
n/a

References

xampp-mssqlconnect-bo(33683)
vdb-entry
x_refsource_XF
41594
vdb-entry
x_refsource_OSVDB
3738
exploit
x_refsource_EXPLOIT-DB
23491
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now