CVE-2007-2370

Published: Apr 30, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.

Affected (1)

Products: Xoops: John Mordo Jobs Module

1 product

John Mordo Jobs Module

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xoops John Mordo Jobs Module	Up to 2.4

References (4)

http://www.attrition.org/pipermail/vim/2007-April/001494.html

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3672

Source: cve@mitre.org

http://www.attrition.org/pipermail/vim/2007-April/001494.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/3672

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.