Vulnerabilities > CVE-2007-1814 - SQL-Injection vulnerability in Core Module

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

xoops

exploit available

NVD

Published: 2007-04-02

Updated: 2017-10-11

Summary

SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.

Vulnerable Configurations

Part	Description	Count
Application	Xoops Xoops Core Module *	1

Exploit-Db

description	XOOPS Module Core (viewcat.php) Remote SQL Injection Exploit. CVE-2007-1814. Webapps exploit for php platform
file	exploits/php/webapps/3620.pl
id	EDB-ID:3620
last seen	2016-01-31
modified	2007-03-31
platform	php
port
published	2007-03-31
reporter	ajann
source	https://www.exploit-db.com/download/3620/
title	XOOPS Module Core viewcat.php Remote SQL Injection Exploit
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References