Description
SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Exploits (1)
References (6)
Core 6
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3670
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23340
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488375/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488316/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1275
Scores
EPSS
0.0125
EPSS Percentile
79.4%
Details
Status
published
Products (1)
wf-links/wf-links
< 1.03
Published
Apr 30, 2007
Tracked Since
Feb 18, 2026