Xoops » Xoops : Security Vulnerabilities, CVEs, (Sql injection)

CVE-2017-11174

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
Max CVSS
9.8
EPSS Score
0.14%
Published
2017-07-12
Updated
2017-07-27

CVE-2017-7290

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
Max CVSS
7.2
EPSS Score
0.14%
Published
2017-03-30
Updated
2017-04-03

CVE-2014-8999

SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
Max CVSS
6.5
EPSS Score
0.11%
Published
2014-11-20
Updated
2014-11-24

CVE-2008-5665

SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-12-19
Updated
2017-09-29

CVE-2008-0611

SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-02-06
Updated
2017-09-29

CVE-2007-0377

Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.
Max CVSS
7.5
EPSS Score
1.02%
Published
2007-01-19
Updated
2018-10-16

CVE-2006-4417

SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
Max CVSS
7.5
EPSS Score
1.03%
Published
2006-08-28
Updated
2018-10-17

CVE-2005-2113

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
Max CVSS
7.5
EPSS Score
0.30%
Published
2005-07-05
Updated
2016-10-18

CVE-2002-2391

SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2002-12-31
Updated
2008-09-05

CVE-2002-0216

userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.
Max CVSS
5.0
EPSS Score
0.32%
Published
2002-05-16
Updated
2008-09-11
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close