CVE-2007-1634

Publication date

2007-03-23 22:00:00

Family

mitre

State

PUBLISHED

Description

Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.