2 matches found
XOOPS Module WF Links Remote SQL Injection (CVE-2007-2373)
An SQL injection vulnerability has been reported in Wf-links. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2007-2373
The provided connected documents confirm a concrete vulnerability: WF-Links (wflinks) module for XOOPS, version 1.03 and earlier, contains an SQL injection in viewcat.php. The flaw allows remote attackers to manipulate the cid parameter to execute arbitrary SQL commands on the backend. The affect...