1341 matches found
CVE-2017-12138
XOOPS Core 2.5.8 contains an open redirect vulnerability in /modules/profile/index.php caused by the URL filter. The Nuclei template confirms an open redirect where an attacker can redirect users to a malicious site, potentially enabling phishing or other unauthorized operations. Affected softwar...
CVE-2017-12139
CVE-2017-12139 affects XOOPS Core 2.5.8 with a stored XSS in imagemanager.php due to missing MIME type validation in htdocs/class/uploader.php. The issue is caused by inadequate validation of uploaded content, enabling an attacker to inject malicious script when the affected page is viewed. Conne...
XOOPS Core imagemanager.php cross-site scripting vulnerability
XOOPS is an open source content management system based on PHP and MySQL, developed and maintained by the XOOPS team. A cross-site scripting vulnerability exists in XOOPS imagemanager.php, which allows remote attackers to inject malicious script or HTML code, which...
XOOPS Core /modules/profile/index.php redirection vulnerability
XOOPS is an open source content management system based on PHP and MySQL, developed and maintained by the XOOPS team. The XOOPS /modules/profile/index.php file has a redirection vulnerability that allows attackers to construct malicious URIs, entice users to follow them, and redirect users to any web site fo...
XOOPS Core Install DB SQL Injection Vulnerability
XOOPS (eXtensible Object Oriented Portal System) is an open source content management system based on PHP and MySQL, developed and maintained by the XOOPS team. The system can be used to create a variety of online communities. XOOPS Core is one of the core repositories. A SQL injection vulnerability...
CVE-2017-11174
In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...
SQL injection
In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...
CVE-2017-11174
CVE-2017-11174 is a SQL injection vulnerability affecting XOOPS Core 2.5.8.1, in the file install/page_dbsettings.php. The issue arises from unfiltered data being passed to CREATE and ALTER SQL queries, with a specific relation to GBK in CHARACTER SET and COLLATE clauses. The vulnerability allows...
XOOPS Cross-Site Scripting Vulnerability
XOOPS (eXtensible Object Oriented Portal System) is an open source content management system based on PHP and MySQL, developed and maintained by the XOOPS team. The system can be used to create a variety of online communities. XOOPS Core is one of the core repositories. A cross-site scripting...
XOOPS <= 2.5.8.1 XSS Vulnerability
XOOPS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xoops:xoops";...
CVE-2017-7944
XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in pagedbsettings.php...
Design/Logic Flaw
XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in pagedbsettings.php...
CVE-2017-7944
CVE-2017-7944 affects XOOPS Core 2.5.8.1. The vulnerability is a cross-site scripting (XSS) flaw caused by unescaped HTML output in the Install DB failure error message shown by page_dbsettings.php. Public sources in connected documents consistently describe the issue as an XSS in XOOPS Core 2.5....
XOOPS 'findusers.php' SQL Injection Vulnerability
XOOPS is prone to an SQL injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xoops:xoops"; if(description)...
Xoops SQL Injection Vulnerability
XOOPS (eXtensible Object Oriented Portal System) is an open source content management system based on PHP and MySQL, developed and maintained by the XOOPS team. A SQL injection vulnerability exists in the XOOPS findusers.php page. Since the url parameter is not filtered for malicious characters, ...
SQL injection
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program...