PT-2007-3171 · Xoops · Xoops Lykos Reviews Module

Ajann

Published

2007-04-02

Updated

2017-10-11

CVE-2007-1817

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Xoops Lykos Reviews module version 1.00

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the uid parameter in a 'u' action within the index.php file of the affected module.

Recommendations: For version 1.00 of the Xoops Lykos Reviews module, avoid using the uid parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1817

Affected Products

Xoops Lykos Reviews Module

PT-2007-3171 · Xoops · Xoops Lykos Reviews Module

CVE-2007-1817

Related Identifiers

Affected Products

References · 6