2 matches found
CVE-2007-2738
The CVE-2007-2738 entry corresponds to a SQL injection vulnerability in the Glossaire module for XOOPS (version 1.7 and earlier). The flaw resides in glossaire-p-f.php, where the sid parameter used in an ImprDef action is not properly sanitized, allowing remote attackers to execute arbitrary SQL ...
CVE-2006-3363
The CVE-2006-3363 entry documents a PHP Remote File Inclusion vulnerability in the Glossaire module 1.7 for XOOPS. The flaw enables remote attackers to execute arbitrary PHP code via a URL supplied in the pa parameter, impacting the module’s normal handling of file inclusion. The NVD record lists...