CVE-2007-1979

Xoops Popnupblog < 2.52 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · htmlwebappsphp

https://www.exploit-db.com/exploits/3655

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/24761

[Exploit] http://www.securityfocus.com/bid/23286

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3655

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1206

Scores

EPSS 0.0050

EPSS Percentile 65.8%

Classification

Status draft

Affected Products (1)

xoops/xoops_popnupblog < 2.52

Timeline

Published Apr 12, 2007

Tracked Since Feb 18, 2026