CVE-2007-2571

Name of the Vulnerable Software and Affected Versions wfquotes module for XOOPS version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the c parameter in a cat action within the index.php file of the affected module.

Recommendations For version 1.0, consider restricting access to the index.php file in the wfquotes module until a patch is available. As a temporary workaround, avoid using the c parameter in the cat action to minimize the risk of exploitation.