XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit

No description provided by source. html head titleXOOPS Module XFsection = 1.07 articleid BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: XOOPS Module XFsection = 1.07...

Remote file inclusion

PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dirmodule parameter...

CVE-2007-3222

Summary (CVE-2007-3222) : A PHP remote file inclusion vulnerability exists in the XFSection 1.07 module for XOOPS, specifically in modify.php where the dir_module parameter is unsafely used to include PHP code. This allows an attacker to cause arbitrary PHP code execution by supplying a crafted U...

CVE-2007-1974

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section aka WF-Sections 1.0.1, as used in Xoops modules such as 1 Zmagazine 1.0, 2 Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...