CVE-2007-1838

Опубликовано: 03 апр. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.

Ссылки

http://www.securityfocus.com/archive/1/464153/100/0/threaded
http://www.securityfocus.com/bid/23184
Exploit
Vendor Advisory
http://www.vupen.com/english/advisories/2007/1146
https://exchange.xforce.ibmcloud.com/vulnerabilities/33292
https://www.exploit-db.com/exploits/3597
http://www.securityfocus.com/archive/1/464153/100/0/threaded
http://www.securityfocus.com/bid/23184
Exploit
Vendor Advisory
http://www.vupen.com/english/advisories/2007/1146
https://exchange.xforce.ibmcloud.com/vulnerabilities/33292
https://www.exploit-db.com/exploits/3597

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xoops:friendfinder_module:*:*:*:*:*:*:*:*

Версия до 3.3 (включая)

EPSS

Процентиль: 70%

0.00642

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-c94j-hh9q-hq39

github

почти 4 года назад