CVE-2007-0377

Name of the Vulnerable Software and Affected Versions: Xoops version 2.0.16

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter in kernel/group.php in core, the lid parameter in class/table broken.php in the Weblinks module, and other unspecified vectors.

Recommendations: For Xoops version 2.0.16, consider restricting access to the kernel/group.php and class/table broken.php files until a patch is available. Avoid using the id and lid parameters in the affected files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.