Vulnerabilities > CVE-2005-0725 - SQL-Injection vulnerability in Wf-Sections 1.07
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description XOOPS Module Zmagazine 1.0 (print.php) Remote SQL Injection Exploit. CVE-2005-0725,CVE-2007-1974. Webapps exploit for php platform file exploits/php/webapps/3646.pl id EDB-ID:3646 last seen 2016-01-31 modified 2007-04-02 platform php port published 2007-04-02 reporter ajann source https://www.exploit-db.com/download/3646/ title XOOPS Module Zmagazine 1.0 print.php Remote SQL Injection Exploit type webapps description XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit. CVE-2005-0725,CVE-2007-1974. Webapps exploit for php platform file exploits/php/webapps/3645.html id EDB-ID:3645 last seen 2016-01-31 modified 2007-04-02 platform php port published 2007-04-02 reporter ajann source https://www.exploit-db.com/download/3645/ title XOOPS Module XFsection <= 1.07 articleid BLIND SQL Injection Exploit type webapps description XOOPS Module WF-Section <= 1.01 (articleid) SQL Injection Exploit. CVE-2005-0725,CVE-2007-1974. Webapps exploit for php platform file exploits/php/webapps/3644.pl id EDB-ID:3644 last seen 2016-01-31 modified 2007-04-02 platform php port published 2007-04-02 reporter ajann source https://www.exploit-db.com/download/3644/ title XOOPS Module WF-Section <= 1.01 articleid SQL Injection Exploit type webapps