CVE-2014-8999
CVE-2014-8999 describes an SQL injection in XOOPS prior to 2.5.7 Final. The vulnerability exists in htdocs/modules/system/admin.php via the selgroups parameter, allowing remote authenticated users to execute arbitrary SQL commands. Affected software: XOOPS (PHP-based CMS); vulnerable component: a...