CVE-2007-1960

Xoops Rha7 Downloads Module - SQL Injection

Title source: rule

Description

SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsphp

https://www.exploit-db.com/exploits/3666

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/34460

[Exploit] http://www.securityfocus.com/bid/23320

[Vendor Advisory] http://secunia.com/advisories/24790

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3666

Scores

EPSS 0.0070

EPSS Percentile 72.2%

Details

CWE

CWE-89

Status published

Products (2)

xoops/rha7_downloads_module 1.0

xoops/rha7_downloads_module 1.10

Published Apr 11, 2007

Tracked Since Feb 18, 2026