4 matches found
CVE-2019-25433 XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar_pdf.php endpoint with malicious cid values to extract sensitive database...
PT-2026-21439
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar_pdf.php endpoint with malicious cid values to extract sensitive database...
CVE-2023-36217
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function...
XOOPS Detection
The remote host is running XOOPS, a web content management system written in PHP and released under the GPL. Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(18613); script_version("1.18"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/24");...