Vulnerability Description
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xoops | Xoops Popnupblog | <= 2.52 |
References
- http://secunia.com/advisories/24761Vendor Advisory
- http://www.securityfocus.com/bid/23286Exploit
- http://www.vupen.com/english/advisories/2007/1206
- https://www.exploit-db.com/exploits/3655
- http://secunia.com/advisories/24761Vendor Advisory
- http://www.securityfocus.com/bid/23286Exploit
- http://www.vupen.com/english/advisories/2007/1206
- https://www.exploit-db.com/exploits/3655
FAQ
What is CVE-2007-1979?
CVE-2007-1979 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the ...
How severe is CVE-2007-1979?
CVE-2007-1979 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1979?
Check the references section above for vendor advisories and patch information. Affected products include: Xoops Xoops Popnupblog.