Detections
Analytics

CVE-2007-1974

critical

Description

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.

References

https://www.exploit-db.com/exploits/3646

https://www.exploit-db.com/exploits/3645

https://www.exploit-db.com/exploits/3644

https://exchange.xforce.ibmcloud.com/vulnerabilities/33380

https://exchange.xforce.ibmcloud.com/vulnerabilities/33379

https://exchange.xforce.ibmcloud.com/vulnerabilities/33378

http://www.xoops.org/modules/news/article.php?storyid=3717

http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411

http://www.vupen.com/english/advisories/2007/1209

http://www.vupen.com/english/advisories/2007/1208

http://www.vupen.com/english/advisories/2007/1207

http://www.securityfocus.com/bid/23261

http://www.securityfocus.com/bid/23259

http://www.securityfocus.com/bid/23258

http://www.securityfocus.com/archive/1/488317/100/0/threaded

http://www.attrition.org/pipermail/vim/2007-April/001507.html

http://osvdb.org/52230

http://osvdb.org/41387

http://addons.zarilia.com/index.php?page_type=static&id=43

Details

Source: Mitre, NVD

Published: 2007-04-12

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical