Unrated severityNVD Advisory· Published Apr 12, 2007· Updated Apr 23, 2026

CVE-2007-1979

Description

SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.

Affected products

XOOPS/Xoops Popnupblog
cpe:2.3:a:xoops:xoops_popnupblog:*:*:*:*:*:*:*:*
Range: <=2.52

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/23286nvdExploit
secunia.com/advisories/24761nvdVendor Advisory
www.vupen.com/english/advisories/2007/1206nvd
www.exploit-db.com/exploits/3655nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000