CVE-2019-25433

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerarpdf.php endpoint with malicious cid values to extract sensitive database...

CVE-2019-25433

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerarpdf.php endpoint with malicious cid values to extract sensitive database...

CVE-2019-25433 XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerarpdf.php endpoint with malicious cid values to extract sensitive database...

CVE-2019-25433

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerarpdf.php endpoint with malicious cid values to extract sensitive database...

CVE-2019-25433

XOOPS CMS 2.5.9 contains an SQL injection in gerar_pdf.php via the cid parameter that allows unauthenticated attackers to manipulate database queries and extract sensitive information. The vulnerability is triggered by special cid values in GET requests. Affected component: gerar_pdf.php in XOOPS...

EUVD-2023-40194

Malicious code in bioql PyPI...

CVE-2023-36217

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function...

CVE-2023-36217

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function...

CVE-2023-36217

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function...

Cross site scripting

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function...

CVE-2023-36217

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function...

CVE-2023-36217

Xoops CMS v2.5.10 contains a Cross Site Scripting vulnerability in the category name field of the image manager function, enabling a remote attacker to execute arbitrary code. The issue is described as high-severity (CRITICAL) with CVSSv3.1 metrics; exploitation is demonstrated in public referenc...

PT-2023-25485 · Xoops Cms · Xoops Cms

Name of the Vulnerable Software and Affected Versions: Xoops CMS version 2.5.10 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the category name field of the image manager function. This enables the attacker to inject malicious scripts into the...

Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: Xoops CMS 2.5.10 - Stored Cross-Site Scripting XSS Authenticated Date: 2023-06-12 Exploit Author: tmrswrr Vendor Homepage: https://xoops.org/ Software https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.10 Version: 2.5.10 Tested : https://www.softaculous.com/apps/cms/Xoops ---...

Xoops CMS 2.5.10 Cross Site Scripting

Exploit Title: Xoops CMS Version 2.5.10 - Stored Cross-Site Scripting XSS Authenticated Date: 2023-06-12 Exploit Author: tmrswrr Vendor Homepage: https://xoops.org/ Software https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.10 Version: 2.5.10 Tested : https://www.softaculous.com/apps/cms/Xoo...

XOOPS CMS 2.5.9 SQL Injection Vulnerability

Exploit for php platform in category web applications + Sql Injection on XOOPS CMS v.2.5.9 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://xoops.org/ + Contact: email protected + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:gerarpdf.php...

XOOPS 2.5.9 - SQL Injection

XOOPS 2.5.9 - SQL Injection + Sql Injection on XOOPS CMS v.2.5.9 + Date: 12/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://xoops.org/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:gerarpdf.php...

XOOPS CMS 2.5.9 SQL Injection

Sql Injection on XOOPS CMS v.2.5.9 + Date: 12/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://xoops.org/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:gerarpdf.php inurl:modules // use your brain ; +...

XOOPS 2.5.9 - SQL Injection

Sql Injection on XOOPS CMS v.2.5.9 + Date: 12/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://xoops.org/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:gerarpdf.php inurl:modules // use your brain ; +...

Xoops CMS 2.5.7.1 Cross Site Scripting

Hi Team, Affected Vendor: http://www.xoops.org/ Date: 24/04/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 8.1 Product: Xoops CMS Version: 2.5.7.1 Tested Link:...