CVE-2007-1960

SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xoops:rha7_downloads_module:1.0:*:*:*:*:*:*:*
cpe:2.3:a:xoops:rha7_downloads_module:1.10:*:*:*:*:*:*:*

History

21 Nov 2024, 00:29

Type Values Removed Values Added
References () http://osvdb.org/34460 - () http://osvdb.org/34460 -
References () http://secunia.com/advisories/24790 - Vendor Advisory () http://secunia.com/advisories/24790 - Vendor Advisory
References () http://www.securityfocus.com/bid/23320 - Exploit () http://www.securityfocus.com/bid/23320 - Exploit
References () https://www.exploit-db.com/exploits/3666 - () https://www.exploit-db.com/exploits/3666 -

Information

Published : 2007-04-11 10:19

Updated : 2024-11-21 00:29


NVD link : CVE-2007-1960

Mitre link : CVE-2007-1960

CVE.ORG link : CVE-2007-1960


JSON object : View

Products Affected

xoops

  • rha7_downloads_module
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')