CVE-2007-1979

Published: Apr 12, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.

Affected (1)

Products: Xoops: Xoops Popnupblog

1 product

Xoops Popnupblog

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xoops Xoops Popnupblog	Up to 2.52

References (8)

http://secunia.com/advisories/24761

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/23286

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2007/1206

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3655

Source: cve@mitre.org

http://secunia.com/advisories/24761

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/23286

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2007/1206

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/3655

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.