CVE-2007-6380 Information

Description

Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.

Reference

http://lostmon.blogspot.com/2007/12/e-xoops-multiple-variablescripts-sql.html
http://www.securityfocus.com/bid/26796
