CVE-2007-1974

Name of the Vulnerable Software and Affected Versions WF-Section (aka WF-Sections) version 1.0.1 Zmagazine version 1.0 Happy Linux XFsection versions 1.07 and earlier

Description A SQL injection issue exists in the getArticle function in class/wfsarticle.php, allowing remote attackers to execute arbitrary SQL commands via the articleid parameter to "print.php".

Recommendations For WF-Section (aka WF-Sections) version 1.0.1, avoid using the articleid parameter in the affected API endpoint until the issue is resolved. For Zmagazine version 1.0, restrict access to the vulnerable module to minimize the risk of exploitation. For Happy Linux XFsection versions 1.07 and earlier, consider disabling the getArticle function in class/wfsarticle.php as a temporary workaround until a patch is available.