Back to search
CVE-2007-1974
Published: Apr 12, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.xoops.org/modules/news/article.php?storyid=3717
x_refsource_CONFIRM
23258
vdb-entry
x_refsource_BID
41387
vdb-entry
x_refsource_OSVDB
xoops-wfsection-print-sql-injection(33378)
vdb-entry
x_refsource_XF
3646
exploit
x_refsource_EXPLOIT-DB
ADV-2007-1209
vdb-entry
x_refsource_VUPEN
20080218 XOOPS Module section SQL Injection(articleid)
mailing-list
x_refsource_BUGTRAQ
http://addons.zarilia.com/index.php?page_type=static&id=43
x_refsource_CONFIRM
xoops-xfsection-print-sql-injection(33380)
vdb-entry
x_refsource_XF
23261
vdb-entry
x_refsource_BID
23259
vdb-entry
x_refsource_BID
52230
vdb-entry
x_refsource_OSVDB
xoops-zmagazine-print-sql-injection(33379)
vdb-entry
x_refsource_XF
20070411 WF-Sections SQL injection vendor ack; shows up in other modules
mailing-list
x_refsource_VIM
3645
exploit
x_refsource_EXPLOIT-DB
ADV-2007-1208
vdb-entry
x_refsource_VUPEN
ADV-2007-1207
vdb-entry
x_refsource_VUPEN
3644
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now