CVE-2007-1838

Published: Apr 3, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected (1)

Products: Xoops: Friendfinder Module

Xoops

1 product

Friendfinder Module

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xoops Friendfinder Module	Up to 3.3

References (10)

http://www.securityfocus.com/archive/1/464153/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/23184

Source: cve@mitre.org

ExploitVendor Advisory

http://www.vupen.com/english/advisories/2007/1146

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/33292

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3597

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/464153/100/0/threaded