Vulnerabilities > CVE-2007-3311 - SQL-Injection vulnerability in Articles Module
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description XOOPS module Articles <= 1.02 (print.php id) SQL Injection Exploit. CVE-2007-3311. Webapps exploit for php platform file exploits/php/webapps/3588.pl id EDB-ID:3588 last seen 2016-01-31 modified 2007-03-27 platform php port published 2007-03-27 reporter WiLdBoY source https://www.exploit-db.com/download/3588/ title XOOPS module Articles <= 1.02 print.php id SQL Injection Exploit type webapps description XOOPS module Articles <= 1.03 (index.php cat_id) SQL Injection Exploit. CVE-2007-3311. Webapps exploit for php platform id EDB-ID:3594 last seen 2016-01-31 modified 2007-03-28 published 2007-03-28 reporter ajann source https://www.exploit-db.com/download/3594/ title XOOPS module Articles <= 1.03 index.php cat_id SQL Injection Exploit
Nessus
NASL family | CGI abuses |
NASL id | XOOPS_ARTICLES_ID_SQL_INJECTION.NASL |
description | The remote host is running the Articles module, a third-party module for XOOPS. The version of this module installed on the remote host fails to properly sanitize user-supplied input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24902 |
published | 2007-03-27 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24902 |
title | XOOPS Articles Module print.php id Parameter SQL Injection |
code |
|