How severe is CVE-2007-6380?

The severity of CVE-2007-6380 has not been assessed with CVSS v3.

CVE-2007-6380

Name: e-xoops
Author: e-xoops

NONE

Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.ph

Veröffentlicht: 12/15/2007Aktualisiert: 4/9/2025

Beschreibung

Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.

KI-AnalyseKI-gestützt

Betroffene Produkte

e-xoopse-xoops

1.05_rev1

e-xoopse-xoops

1.05_rev2

e-xoopse-xoops

1.05_rev3

e-xoopse-xoops

1.08

Beschreibung

KI-AnalyseKI-gestützt

Betroffene Produkte

Verfügbare Exploits (7)

E-Xoops 1.0.5/1.0.8 - '/adresses/ratefile.php?lid' SQL Injection

E-Xoops 1.0.5/1.0.8 - '/modules/arcade/index.php?gid' SQL Injection

E-Xoops 1.0.5/1.0.8 - '/modules/banners/click.php?bid' SQL Injection

E-Xoops 1.0.5/1.0.8 - '/myalbum/ratephoto.php?lid' SQL Injection

E-Xoops 1.0.5/1.0.8 - '/mydownloads/ratefile.php?lid' SQL Injection

E-Xoops 1.0.5/1.0.8 - '/mylinks/ratelink.php?lid' SQL Injection

E-Xoops 1.0.5/1.0.8 - '/mysections/ratefile.php?lid' SQL Injection

Referenzen