CVE-2007-1974 Information

Description

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.

Reference

http://addons.zarilia.com/index.php?page_type=static&id=43
http://osvdb.org/41387
http://osvdb.org/52230
http://www.attrition.org/pipermail/vim/2007-April/001507.html
http://www.securityfocus.com/archive/1/488317/100/0/threaded
http://www.securityfocus.com/bid/23258
http://www.securityfocus.com/bid/23259
http://www.securityfocus.com/bid/23261
http://www.vupen.com/english/advisories/2007/1207
http://www.vupen.com/english/advisories/2007/1208
http://www.vupen.com/english/advisories/2007/1209
http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411
http://www.xoops.org/modules/news/article.php?storyid=3717
https://exchange.xforce.ibmcloud.com/vulnerabilities/33378
https://exchange.xforce.ibmcloud.com/vulnerabilities/33379
https://exchange.xforce.ibmcloud.com/vulnerabilities/33380
https://www.exploit-db.com/exploits/3644
https://www.exploit-db.com/exploits/3645
https://www.exploit-db.com/exploits/3646
