Vulnerability Description
SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xoops | Malaika System Myads Module | <= 2.04 |
References
- http://osvdb.org/37372
- http://www.securityfocus.com/bid/23212ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33334
- https://www.exploit-db.com/exploits/3603
- http://osvdb.org/37372
- http://www.securityfocus.com/bid/23212ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33334
- https://www.exploit-db.com/exploits/3603
FAQ
What is CVE-2007-1846?
CVE-2007-1846 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-20...
How severe is CVE-2007-1846?
CVE-2007-1846 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1846?
Check the references section above for vendor advisories and patch information. Affected products include: Xoops Malaika System Myads Module.