2 matches found
Sql injection
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377...
CVE-2007-0377
CVE-2007-0377 affects Xoops 2.0.16: core/kernel/group.php (id) and Weblinks/module/class/table_broken.php (lid) have unsanitized inputs leading to SQL injection. Remote attackers could potentially execute arbitrary SQL per the reported vectors. The provided documents do not specify a patch or mit...