SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
References
Link | Resource |
---|---|
http://osvdb.org/34460 | |
http://secunia.com/advisories/24790 | Vendor Advisory |
http://www.securityfocus.com/bid/23320 | Exploit |
https://www.exploit-db.com/exploits/3666 | |
http://osvdb.org/34460 | |
http://secunia.com/advisories/24790 | Vendor Advisory |
http://www.securityfocus.com/bid/23320 | Exploit |
https://www.exploit-db.com/exploits/3666 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/34460 - | |
References | () http://secunia.com/advisories/24790 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/23320 - Exploit | |
References | () https://www.exploit-db.com/exploits/3666 - |
Information
Published : 2007-04-11 10:19
Updated : 2024-11-21 00:29
NVD link : CVE-2007-1960
Mitre link : CVE-2007-1960
CVE.ORG link : CVE-2007-1960
JSON object : View
Products Affected
xoops
- rha7_downloads_module
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')