SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://addons.zarilia.com/index.php?page_type=static&id=43 - Patch | |
References | () http://osvdb.org/41387 - | |
References | () http://osvdb.org/52230 - | |
References | () http://www.attrition.org/pipermail/vim/2007-April/001507.html - Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/488317/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/23258 - | |
References | () http://www.securityfocus.com/bid/23259 - | |
References | () http://www.securityfocus.com/bid/23261 - | |
References | () http://www.vupen.com/english/advisories/2007/1207 - | |
References | () http://www.vupen.com/english/advisories/2007/1208 - | |
References | () http://www.vupen.com/english/advisories/2007/1209 - | |
References | () http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411 - Vendor Advisory | |
References | () http://www.xoops.org/modules/news/article.php?storyid=3717 - Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/33378 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/33379 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/33380 - | |
References | () https://www.exploit-db.com/exploits/3644 - | |
References | () https://www.exploit-db.com/exploits/3645 - | |
References | () https://www.exploit-db.com/exploits/3646 - |
Information
Published : 2007-04-12 00:19
Updated : 2024-11-21 00:29
NVD link : CVE-2007-1974
Mitre link : CVE-2007-1974
CVE.ORG link : CVE-2007-1974
JSON object : View
Products Affected
xoops
- zmagazine_module
- happy_linux_xfsection_module
wf-sections
- wf-sections
CWE