CVE-2007-5978

XOOPS mylinks_module - SQL Injection via brokenlink.php lid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5978. PoCs published by [email protected].

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in the Xoops Mylinks module, where unsanitized user input in the 'lid' parameter can be exploited to manipulate SQL queries. The example URL demonstrates a basic SQLi payload.

Description

SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by [email protected] · textwebappsphp
https://www.exploit-db.com/exploits/30748

The provided text describes an SQL injection vulnerability in the Xoops Mylinks module, where unsanitized user input in the 'lid' parameter can be exploited to manipulate SQL queries. The example URL demonstrates a basic SQLi payload.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Xoops 2.0.17.1 (Mylinks module)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483525/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38370
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26392
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3362
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38747

Scores

EPSS 0.0041
EPSS Percentile 61.4%

Details

CWE
CWE-89
Status published
Products (1)
xoops/mylinks_module 2.0.17.1
Published Nov 15, 2007
Tracked Since Feb 18, 2026