CVE-2007-1817

lykos_reviews_module 1.00 - SQL Injection via uid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1817. PoCs published by ajann.

AI-analyzed exploit summary This is a JavaScript-based blind SQL injection exploit targeting XOOPS Module Lykos Reviews 1.00. It automates the extraction of the admin password by testing ASCII values of characters in the password field.

Description

SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ajann · htmlwebappsphp
https://www.exploit-db.com/exploits/3618

This is a JavaScript-based blind SQL injection exploit targeting XOOPS Module Lykos Reviews 1.00. It automates the extraction of the admin password by testing ASCII values of characters in the password field.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: XOOPS Module Lykos Reviews 1.00
No auth needed
Prerequisites: Target must be running XOOPS with the vulnerable Lykos Reviews module · JavaScript must be enabled in the browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/34463
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23232
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3618
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33365
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1189

Scores

EPSS 0.0221
EPSS Percentile 80.3%

Details

Status published
Products (1)
lykoszine/lykos_reviews_module 1.00
Published Apr 02, 2007
Tracked Since Feb 18, 2026