1. CVE-Search
  2. CVE-2007-1974
ID CVE-2007-1974
Summary SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
References
Vulnerable Configurations
  • cpe:2.3:a:wf-sections:wf-sections:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:wf-sections:wf-sections:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:happy_linux_xfsection_module:*:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:happy_linux_xfsection_module:*:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:zmagazine_module:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:zmagazine_module:1.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 23258
  • 23259
  • 23261
bugtraq 20080218 XOOPS Module section SQL Injection(articleid)
confirm
exploit-db
  • 3644
  • 3645
  • 3646
misc http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411
osvdb
  • 41387
  • 52230
vim 20070411 WF-Sections SQL injection vendor ack; shows up in other modules
vupen
  • ADV-2007-1207
  • ADV-2007-1208
  • ADV-2007-1209
xf
  • xoops-wfsection-print-sql-injection(33378)
  • xoops-xfsection-print-sql-injection(33380)
  • xoops-zmagazine-print-sql-injection(33379)
Last major update 16-10-2018 - 16:41
Published 12-04-2007 - 00:19
Last modified 16-10-2018 - 16:41
Back to Top