Xoops@2.0.9.3 Security Vulnerabilities and Issues — Xoops@2.0.9.3 CVE List

Lucene search

XoopsXoops2.0.9.3

5 matches found

CVE•added 2006/05/22 10:2 p.m.•48 views

CVE-2006-2516

mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index...

5.1CVSS6.7AI score0.05235EPSS

CVE•added 2005/07/05 4:0 a.m.•46 views

CVE-2005-2112

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

4.3CVSS5.8AI score0.00558EPSS

CVE•added 2010/05/07 6:30 p.m.•46 views

CVE-2009-4851

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

5CVSS7AI score0.00264EPSS

CVE•added 2005/07/05 4:0 a.m.•43 views

CVE-2005-2113

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.

7.5CVSS8.6AI score0.00973EPSS

CVE•added 2009/11/17 6:30 p.m.•43 views

CVE-2009-3963

Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.

7.5CVSS6.8AI score0.0036EPSS