SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
References
Link | Resource |
---|---|
http://osvdb.org/34460 | |
http://secunia.com/advisories/24790 | Vendor Advisory |
http://www.securityfocus.com/bid/23320 | Exploit |
https://www.exploit-db.com/exploits/3666 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-04-11 10:19
Updated : 2024-02-28 11:01
NVD link : CVE-2007-1960
Mitre link : CVE-2007-1960
CVE.ORG link : CVE-2007-1960
JSON object : View
Products Affected
xoops
- rha7_downloads_module
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')