CVE-2007-1846

Xoops Malaika System Myads Module < 2.04 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsphp

https://www.exploit-db.com/exploits/3603

View Code ZIP pw:eip

References (4)

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/23212

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33334

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3603

[Third Party Advisory, VDB Entry] http://osvdb.org/37372

Scores

EPSS 0.0050

EPSS Percentile 65.8%

Classification

Status draft

Affected Products (1)

xoops/malaika_system_myads_module < 2.04

Timeline

Published Apr 03, 2007

Tracked Since Feb 18, 2026