exploitDog

CVE-2007-1974

Опубликовано: 12 апр. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wf-sections:wf-sections:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:happy_linux_xfsection_module:*:*:*:*:*:*:*:*

Версия до 1.07 (включая)

cpe:2.3:a:xoops:zmagazine_module:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03642

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-c3h9-q6vg-353f

github

почти 4 года назад

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.

EPSS

Процентиль: 88%

0.03642

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other