CVE-2007-1813

critical

Description

SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.

References

https://www.exploit-db.com/exploits/3623

https://exchange.xforce.ibmcloud.com/vulnerabilities/33369

http://osvdb.org/34471

Details

Source: Mitre, NVD

Published: 2007-04-02

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00256