3 matches found
CVE-2002-0216
userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter...
CVE-2002-0217
CVE-2002-0217 affects XOOPS 1.0 RC1 — the Private Message System is vulnerable to cross-site scripting via the PM title/field or the image parameter in pmlite.php. The root cause is insufficient input filtering, allowing remote attackers to run Javascript in other users’ browsers. Documented impa...
CVE-2002-0216
CVE-2002-0216 affects XOOPS 1.0 RC1: the userinfo.php script is vulnerable to SQL injection via the uid parameter, allowing remote attackers to retrieve sensitive data. The vulnerability stems from improper handling of user input in SQL clauses (example: uid value causing a syntax error revealing...