Search criteria
2 vulnerabilities by wf-sections
CVE-2007-1974 (GCVE-0-2007-1974)
Vulnerability from cvelistv5 – Published: 2007-04-12 00:00 – Updated: 2024-08-07 13:13
VLAI
Summary
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2007-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:42.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xoops.org/modules/news/article.php?storyid=3717"
},
{
"name": "23258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23258"
},
{
"name": "41387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41387"
},
{
"name": "xoops-wfsection-print-sql-injection(33378)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33378"
},
{
"name": "3646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3646"
},
{
"name": "ADV-2007-1209",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1209"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat\u0026order=ASC\u0026topic_id=58229\u0026forum=4\u0026move=next\u0026topic_time=1176217411"
},
{
"name": "20080218 XOOPS Module section SQL Injection(articleid)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488317/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://addons.zarilia.com/index.php?page_type=static\u0026id=43"
},
{
"name": "xoops-xfsection-print-sql-injection(33380)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33380"
},
{
"name": "23261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23261"
},
{
"name": "23259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23259"
},
{
"name": "52230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52230"
},
{
"name": "xoops-zmagazine-print-sql-injection(33379)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33379"
},
{
"name": "20070411 WF-Sections SQL injection vendor ack; shows up in other modules",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-April/001507.html"
},
{
"name": "3645",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3645"
},
{
"name": "ADV-2007-1208",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1208"
},
{
"name": "ADV-2007-1207",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1207"
},
{
"name": "3644",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xoops.org/modules/news/article.php?storyid=3717"
},
{
"name": "23258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23258"
},
{
"name": "41387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41387"
},
{
"name": "xoops-wfsection-print-sql-injection(33378)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33378"
},
{
"name": "3646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3646"
},
{
"name": "ADV-2007-1209",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1209"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat\u0026order=ASC\u0026topic_id=58229\u0026forum=4\u0026move=next\u0026topic_time=1176217411"
},
{
"name": "20080218 XOOPS Module section SQL Injection(articleid)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488317/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://addons.zarilia.com/index.php?page_type=static\u0026id=43"
},
{
"name": "xoops-xfsection-print-sql-injection(33380)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33380"
},
{
"name": "23261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23261"
},
{
"name": "23259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23259"
},
{
"name": "52230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52230"
},
{
"name": "xoops-zmagazine-print-sql-injection(33379)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33379"
},
{
"name": "20070411 WF-Sections SQL injection vendor ack; shows up in other modules",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-April/001507.html"
},
{
"name": "3645",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3645"
},
{
"name": "ADV-2007-1208",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1208"
},
{
"name": "ADV-2007-1207",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1207"
},
{
"name": "3644",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xoops.org/modules/news/article.php?storyid=3717",
"refsource": "CONFIRM",
"url": "http://www.xoops.org/modules/news/article.php?storyid=3717"
},
{
"name": "23258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23258"
},
{
"name": "41387",
"refsource": "OSVDB",
"url": "http://osvdb.org/41387"
},
{
"name": "xoops-wfsection-print-sql-injection(33378)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33378"
},
{
"name": "3646",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3646"
},
{
"name": "ADV-2007-1209",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1209"
},
{
"name": "http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat\u0026order=ASC\u0026topic_id=58229\u0026forum=4\u0026move=next\u0026topic_time=1176217411",
"refsource": "MISC",
"url": "http://www.xoops.org/modules/newbb/viewtopic.php?viewmode=flat\u0026order=ASC\u0026topic_id=58229\u0026forum=4\u0026move=next\u0026topic_time=1176217411"
},
{
"name": "20080218 XOOPS Module section SQL Injection(articleid)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488317/100/0/threaded"
},
{
"name": "http://addons.zarilia.com/index.php?page_type=static\u0026id=43",
"refsource": "CONFIRM",
"url": "http://addons.zarilia.com/index.php?page_type=static\u0026id=43"
},
{
"name": "xoops-xfsection-print-sql-injection(33380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33380"
},
{
"name": "23261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23261"
},
{
"name": "23259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23259"
},
{
"name": "52230",
"refsource": "OSVDB",
"url": "http://osvdb.org/52230"
},
{
"name": "xoops-zmagazine-print-sql-injection(33379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33379"
},
{
"name": "20070411 WF-Sections SQL injection vendor ack; shows up in other modules",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-April/001507.html"
},
{
"name": "3645",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3645"
},
{
"name": "ADV-2007-1208",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1208"
},
{
"name": "ADV-2007-1207",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1207"
},
{
"name": "3644",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1974",
"datePublished": "2007-04-12T00:00:00.000Z",
"dateReserved": "2007-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:13:42.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0725 (GCVE-0-2005-0725)
Vulnerability from cvelistv5 – Published: 2005-03-12 05:00 – Updated: 2024-08-07 21:21
VLAI
Summary
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=111049618519821&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wfsections-wfsfiles-sql-injection(19660)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19660"
},
{
"name": "20050308 Wfsection 1.07 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111049618519821\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wfsections-wfsfiles-sql-injection(19660)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19660"
},
{
"name": "20050308 Wfsection 1.07 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111049618519821\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wfsections-wfsfiles-sql-injection(19660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19660"
},
{
"name": "20050308 Wfsection 1.07 vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111049618519821\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0725",
"datePublished": "2005-03-12T05:00:00.000Z",
"dateReserved": "2005-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:21:06.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}