SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/23320 | Exploit |
http://secunia.com/advisories/24790 | Vendor Advisory |
http://osvdb.org/34460 | |
https://www.exploit-db.com/exploits/3666 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-04-11 03:19
Updated : 2017-10-10 18:32
NVD link : CVE-2007-1960
Mitre link : CVE-2007-1960
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
xoops
- rha7_downloads_module