PT-2007-3159 · Xoops · Debaser Module For Xoops

Ajann · Published 2007-04-02 · Updated 2017-10-11 · CVE-2007-1805

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Debaser module for Xoops versions 0.92 and earlier
Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the genreid parameter in the genre.php file. It can be exploited by sending malicious input in that parameter to the /genre.php API endpoint.
Recommendations: For versions 0.92 and earlier, consider restricting access to the genre.php file or disabling the genreid parameter until a fix is available. Avoid using the genreid parameter in the affected API endpoint until the issue is resolved.

Related Identifiers

CVE-2007-1805

Affected Products

Debaser Module For Xoops