1341 matches found
SQL injection
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter...
CVE-2007-5978
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter...
CVE-2007-5978
CVE-2007-5978 describes an SQL injection in the XOOPS mylinks module, via brokenlink.php parameter lid. The vulnerability allows remote attackers to execute arbitrary SQL commands. CVSS v2.0 base score 7.5 (HIGH) with network access, low attack complexity, no authentication required, and partial ...
XOOPS 2.2.5 - register.php Cross-Site Scripting
XOOPS 2.2.5 - register.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26835/info XOOPS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...
xoops mylinks module - sql injection
I have found a mysql injection vulnerability in mylinks xoops module brokenlink.php page where $_GET['lid'] is not validated by intval or any other input validation. See: modules/mylinks/brokenlink.php?lid=1%20OR%201=2 or get an error of fetch in the page title...
XOOPS 2.2.5 - 'register.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26835/info XOOPS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
xoops-sql.txt
I have found a mysql injection vulnerability in mylinks xoops module brokenlink.php page where $_GET['lid'] is not validated by intval or any other input validation. See: modules/mylinks/brokenlink.php?lid=1%20OR%201=2 or get an error of fetch in the page title...
XOOPS 2.0.17.1 Mylinks Module - Brokenlink.php SQL Injection
XOOPS 2.0.17.1 Mylinks Module - Brokenlink.php SQL Injection source: https://www.securityfocus.com/bid/26392/info Xoops Mylinks module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this...
XOOPS 2.0.17.1 Mylinks Module - 'Brokenlink.php' SQL Injection
source: https://www.securityfocus.com/bid/26392/info Xoops Mylinks module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could permit remote attackers to pass maliciou...
CVE-2002-2391
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter...
CVE-2002-2386
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag...
CVE-2002-2391
The CVE-2002-2391 entry describes a SQL injection in WebChat 1.5 (included with XOOPS 1.0) via the roomid parameter in index.php, enabling remote arbitrary SQL commands. The connected documents provide concrete details (affected software and vulnerable parameter) but do not include exploitation s...
CVE-2002-2386
CVE-2002-2386 describes a cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0. The issue occurs when online question development allows a javascript: URL in the SRC attribute of an IMG tag, enabling remote attackers to inject arbitrary script/HTML. The provided documents id...
CVE-2003-1453
The vulnerability is an XSS in XOOPS MytextSanitizer affecting XOOPS 1.3.5–1.3.9 and 2.0–2.0.1, exploitable via a javascript: URL in an IMG tag to inject arbitrary script/HTML. The provided documents do not include concrete exploit details, affected product versions beyond those ranges, or a reme...
Design/Logic Flaw
Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist...
CVE-2007-5188
Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist...
CVE-2007-5188
CVE-2007-5188 affects XOOPS (uploader class) in XOOPS 2.0.17.1-RC1 and earlier. The issue is an unspecified remote upload vulnerability tied to improper upload configuration in class/uploader.php and class/mimetypes.inc.php, with a possibly incomplete blacklist that omits the .php4 extension. Con...
xoops101-rfi.txt
!/usr/bin/perl sub header print q ========================================================================= XOOPS modules xfsection 1.01 =Remote File Inclusion Exploit Exploit Coded by fl0 fl0w floflowsupremacyatyahoodotcom PoC:http://site.com/modules/xfsection/modify.php?dirmodule=evilShell?...