CVE-2007-1974: SQL Injection
First published: Thu Apr 12 2007(Updated: )
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pumpkin Studios Warzone Resurrection | =1.0.1 | |
| Xoops Zmagazine Module | =1.0 | |
| Xoops Xfsection Module | <=1.07 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411
- http://www.xoops.org/modules/news/article.php?storyid=3717
- http://addons.zarilia.com/index.php?page_type=static&id=43
- http://www.attrition.org/pipermail/vim/2007-April/001507.html
- http://www.securityfocus.com/bid/23258
- http://www.securityfocus.com/bid/23259
- http://www.securityfocus.com/bid/23261
- http://osvdb.org/41387
- http://osvdb.org/52230
- http://www.vupen.com/english/advisories/2007/1208
- http://www.vupen.com/english/advisories/2007/1207
- http://www.vupen.com/english/advisories/2007/1209
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33380
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33378
- https://www.exploit-db.com/exploits/3646
- https://www.exploit-db.com/exploits/3645
- https://www.exploit-db.com/exploits/3644
- http://www.securityfocus.com/archive/1/488317/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-1974?
CVE-2007-1974 has a high severity rating due to its potential for remote SQL injection attacks.
How do I fix CVE-2007-1974?
To fix CVE-2007-1974, upgrade to a version of WF-Sections that is not affected, such as versions later than 1.0.1.
What applications are affected by CVE-2007-1974?
CVE-2007-1974 affects WF-Section 1.0.1 and specific Xoops modules like Zmagazine 1.0 and Happy Linux XFsection 1.07 and earlier.
Can CVE-2007-1974 lead to data loss?
Yes, CVE-2007-1974 can allow remote attackers to execute arbitrary SQL commands, potentially leading to data loss.
Is CVE-2007-1974 a common vulnerability?
CVE-2007-1974 is a notable vulnerability primarily found in legacy Xoops modules, making it less common but still critical to address.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/wf-sections
- canonical/pumpkin studios warzone resurrection
- version/pumpkin studios warzone resurrection/1.0.1
- vendor/xoops
- canonical/xoops zmagazine module
- version/xoops zmagazine module/1.0
- canonical/xoops xfsection module
- version/xoops xfsection module/1.07