SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
addons.zarilia.com/index.php?page_type=static&id=43
osvdb.org/41387
osvdb.org/52230
www.attrition.org/pipermail/vim/2007-April/001507.html
www.securityfocus.com/archive/1/488317/100/0/threaded
www.securityfocus.com/bid/23258
www.securityfocus.com/bid/23259
www.securityfocus.com/bid/23261
www.vupen.com/english/advisories/2007/1207
www.vupen.com/english/advisories/2007/1208
www.vupen.com/english/advisories/2007/1209
www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411
www.xoops.org/modules/news/article.php?storyid=3717
exchange.xforce.ibmcloud.com/vulnerabilities/33378
exchange.xforce.ibmcloud.com/vulnerabilities/33379
exchange.xforce.ibmcloud.com/vulnerabilities/33380
www.exploit-db.com/exploits/3644
www.exploit-db.com/exploits/3645
www.exploit-db.com/exploits/3646