CVE-2007-1846

Xoops Malaika System Myads Module < 2.04 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsphp

https://www.exploit-db.com/exploits/3603

View Code ZIP pw:eip

References (4)

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/23212

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3603

[Third Party Advisory, VDB Entry] http://osvdb.org/37372

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33334

Scores

EPSS 0.0100

EPSS Percentile 77.1%

Details

Status published

Products (1)

xoops/malaika_system_myads_module < 2.04

Published Apr 03, 2007

Tracked Since Feb 18, 2026