Lucene search

MitreCVELIST:CVE-2007-1974

HistoryApr 12, 2007 - 12:00 a.m.

CVE-2007-1974

2007-04-1200:00:00

mitre

www.cve.org

8.4 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.1%

JSON

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.

References

addons.zarilia.com/index.php?page_type=static&id=43

osvdb.org/41387

osvdb.org/52230

www.attrition.org/pipermail/vim/2007-April/001507.html

www.securityfocus.com/archive/1/488317/100/0/threaded

www.securityfocus.com/bid/23258

www.securityfocus.com/bid/23259

www.securityfocus.com/bid/23261

www.vupen.com/english/advisories/2007/1207

www.vupen.com/english/advisories/2007/1208

www.vupen.com/english/advisories/2007/1209

www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411

www.xoops.org/modules/news/article.php?storyid=3717

exchange.xforce.ibmcloud.com/vulnerabilities/33378

exchange.xforce.ibmcloud.com/vulnerabilities/33379

exchange.xforce.ibmcloud.com/vulnerabilities/33380

www.exploit-db.com/exploits/3644

www.exploit-db.com/exploits/3645

www.exploit-db.com/exploits/3646