CVE Vulnerability

CVE-2007-6380

Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://lostmon.blogspot.com/2007/12/e-xoops-multiple-variablescripts-sql.html Exploit
http://www.securityfocus.com/bid/26796
Configurations

Configuration 1

cpe:2.3:a:e-xoops:e-xoops:1.05_rev3:*:*:*:*:*:*:*
cpe:2.3:a:e-xoops:e-xoops:1.08:*:*:*:*:*:*:*
cpe:2.3:a:e-xoops:e-xoops:1.05_rev1:*:*:*:*:*:*:*
cpe:2.3:a:e-xoops:e-xoops:1.05_rev2:*:*:*:*:*:*:*
Information

Published : 2007-12-15 01:46

Updated : 2008-09-05 09:33

NVD link : CVE-2007-6380

Mitre link : CVE-2007-6380

Products Affected
No products.
CWE
CWE-89