CVE-2007-1974
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.4 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.1%
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
Affected configurations
References
addons.zarilia.com/index.php?page_type=static&id=43
osvdb.org/41387
osvdb.org/52230
www.attrition.org/pipermail/vim/2007-April/001507.html
www.securityfocus.com/archive/1/488317/100/0/threaded
www.securityfocus.com/bid/23258
www.securityfocus.com/bid/23259
www.securityfocus.com/bid/23261
www.vupen.com/english/advisories/2007/1207
www.vupen.com/english/advisories/2007/1208
www.vupen.com/english/advisories/2007/1209
www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411
www.xoops.org/modules/news/article.php?storyid=3717
exchange.xforce.ibmcloud.com/vulnerabilities/33378
exchange.xforce.ibmcloud.com/vulnerabilities/33379
exchange.xforce.ibmcloud.com/vulnerabilities/33380
www.exploit-db.com/exploits/3644
www.exploit-db.com/exploits/3645
www.exploit-db.com/exploits/3646
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.4 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.1%