CVE-2007-1979 - SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows

CVE-2007-1979

Summary

SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.

References

http://secunia.com/advisories/24761
http://www.securityfocus.com/bid/23286
http://www.vupen.com/english/advisories/2007/1206
https://www.exploit-db.com/exploits/3655

Vulnerable Configurations

cpe:2.3:a:xoops:xoops_popnupblog:*:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops_popnupblog:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	23286
exploit-db	3655
secunia	24761
vupen	ADV-2007-1206

Last major update

11-10-2017 - 01:32

Published

12-04-2007 - 01:19

Last modified

11-10-2017 - 01:32