Sql injection

SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2007-3311

SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2007-3311

SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2007-3311

The CVE-2007-3311 entry concerns the XOOPS Articles Module (version 1.02 and earlier). The vulnerability is a SQL Injection in print.php via the id parameter, caused by insufficient input sanitization. This allows a remote attacker to execute arbitrary SQL commands against the backend database. P...

CVE-2007-3289

PHP remote file inclusion vulnerability in spaw/spawcontrol.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

CVE-2007-3289

PHP remote file inclusion vulnerability in spaw/spawcontrol.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

CVE-2007-3289

CVE-2007-3289 is a PHP remote file inclusion vulnerability affecting the WiwiMod 0.4 module for XOOPS, in which an attacker can execute arbitrary PHP code by supplying a URL in the spaw_root parameter of spaw/spaw_control.class.php. The issue is noted as probably a duplicate of CVE-2006-4656. The...

XOOPS Module WiwiMod 0.4 Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================ XOOPS Module WiwiMod 0.4 Remote File Inclusion Vulnerability ============================================================ XOOPS Module WiwiMod v0.4 spawroot RFI Vulnerability...

XOOPS Module WiwiMod 0.4 Remote File Inclusion Vulnerability

No description provided by source. XOOPS Module WiwiMod v0.4 spawroot RFI Vulnerability D.Script: http://codigolivre.org.br/frs/download.php/1745/xoops2-modwiwimod0.4xavierjimenez.zip V.Code : include $spawroot.'config/spawcontrol.config.php'; include $spawroot.'class/toolbars.class.php'; include...

XOOPS Module wiwimod 0.4 - Remote File Inclusion

XOOPS Module wiwimod 0.4 - Remote File Inclusion XOOPS Module WiwiMod v0.4 spawroot RFI Vulnerability D.Script: http://codigolivre.org.br/frs/download.php/1745/xoops2-modwiwimod0.4xavierjimenez.zip V.Code : include $spawroot.'config/spawcontrol.config.php'; include...

XOOPS Module wiwimod 0.4 - Remote File Inclusion

XOOPS Module WiwiMod v0.4 spawroot RFI Vulnerability D.Script: http://codigolivre.org.br/frs/download.php/1745/xoops2-modwiwimod0.4xavierjimenez.zip V.Code : include $spawroot.'config/spawcontrol.config.php'; include $spawroot.'class/toolbars.class.php'; include $spawroot.'class/lang.class.php'; ...

Immunity Canvas: XOOPS_TINYCONTENT

Name| xoopstinycontent ---|--- CVE| CVE-2007-3237 Exploit Pack| CANVAS Description| Xoops Tinycontent Notes| CVSS: 6.8 Repeatability: Infinite VENDOR: Xoops CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3237 CVE Name: CVE-2007-3237...

Remote file inclusion

PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfigrootpath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

CVE-2007-3237

PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

CVE-2007-3236

PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfigrootpath parameter...

CVE-2007-3236

PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfigrootpath parameter...

CVE-2007-3236

The CVE-2007-3236 issue affects the Horoscope 1.0 module for XOOPS. A PHP remote file inclusion vulnerability in footer.php allows an attacker to execute arbitrary PHP code by supplying a URL in the xoopsConfig[root_path] parameter, enabling remote code execution. The vulnerability is described w...

CVE-2007-3237

CVE-2007-3237 and related entries describe a PHP remote file inclusion in the spaw/spaw_control.class.php handler used by XOOPS modules (TinyContent 1.5, WiwiMod 0.4, XT-Conteudo). The vulnerability allows an attacker to cause arbitrary PHP code execution by supplying a crafted URL in the spaw_ro...

xtconteudo-rfi.txt

/ \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title XT-Conteudo XOOPS Module Remote File Inclusion Vulnerability Description Content module for XOOPS CMS Vuln Code In /admin/spaw/spawcontrol.class.php...