CVE-2007-1974

Wf-sections < 1.07 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.

Exploits (3)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsphp

https://www.exploit-db.com/exploits/3646

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by ajann · htmlwebappsphp

https://www.exploit-db.com/exploits/3645

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsphp

https://www.exploit-db.com/exploits/3644

View Code ZIP pw:eip

References (19)

[Patch, Vendor Advisory] http://www.xoops.org/modules/news/article.php?storyid=3717

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23258

[Third Party Advisory, VDB Entry] http://osvdb.org/41387

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33378

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3646

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1209

[Vendor Advisory] http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat&order=ASC&topic_id=58229&forum=4&move=next&topic_time=1176217411

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/488317/100/0/threaded

[Patch] http://addons.zarilia.com/index.php?page_type=static&id=43

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33380

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23261

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23259

[Third Party Advisory, VDB Entry] http://osvdb.org/52230

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33379

[Vendor Advisory] http://www.attrition.org/pipermail/vim/2007-April/001507.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3645

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1208

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1207

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3644

Scores

EPSS 0.0374

EPSS Percentile 88.0%

Details

Status published

Products (3)

wf-sections/wf-sections 1.0.1

xoops/happy_linux_xfsection_module < 1.07

xoops/zmagazine_module 1.0

Published Apr 12, 2007

Tracked Since Feb 18, 2026