AI Score: 8.8 High (Confidence: Low)
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.01 Low (Percentile: 83.4%)
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
CPE
Name | Operator | Version
---|---|---
wf-sections | eq | 1.0.1
happy_linux_xfsection_module | le | 1.07
zmagazine_module | eq | 1.0
addons.zarilia.com/index.php?page_type=static&id=43
osvdb.org/41387
osvdb.org/52230
www.attrition.org/pipermail/vim/2007-April/001507.html
www.securityfocus.com/archive/1/488317/100/0/threaded
www.securityfocus.com/bid/23258
www.securityfocus.com/bid/23259
www.securityfocus.com/bid/23261
www.vupen.com/english/advisories/2007/1207
www.vupen.com/english/advisories/2007/1208
www.vupen.com/english/advisories/2007/1209
www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411
www.xoops.org/modules/news/article.php?storyid=3717
exchange.xforce.ibmcloud.com/vulnerabilities/33378
exchange.xforce.ibmcloud.com/vulnerabilities/33379
exchange.xforce.ibmcloud.com/vulnerabilities/33380
www.exploit-db.com/exploits/3644
www.exploit-db.com/exploits/3645
www.exploit-db.com/exploits/3646