CVE-2007-1838

critical

Description

SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.

References

https://www.exploit-db.com/exploits/3597

https://exchange.xforce.ibmcloud.com/vulnerabilities/33292

http://www.vupen.com/english/advisories/2007/1146

http://www.securityfocus.com/archive/1/464153/100/0/threaded

Details

Source: Mitre, NVD

Published: 2007-04-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00494

Detections

Analytics