Xoops Security Vulnerabilities and Issues — Xoops CVE List

Lucene search

XoopsXoops

13 matches found

CVE•added 2002/05/16 4:0 a.m.•54 views

CVE-2002-0217

Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.

7.5CVSS6.9AI score0.01288EPSS

CVE•added 2017/03/30 7:59 a.m.•54 views

CVE-2017-7290

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.

7.2CVSS7.2AI score0.00641EPSS

CVE•added 2008/12/19 1:52 a.m.•49 views

CVE-2008-5665

SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.

7.5CVSS8.4AI score0.00144EPSS

CVE•added 2007/10/31 4:0 p.m.•43 views

CVE-2002-2391

SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.

7.5CVSS8.8AI score0.00372EPSS

CVE•added 2005/07/05 4:0 a.m.•43 views

CVE-2005-2113

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.

7.5CVSS8.6AI score0.00973EPSS

CVE•added 2007/01/19 11:28 p.m.•43 views

CVE-2007-0377

Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.

7.5CVSS8.4AI score0.00759EPSS

CVE•added 2009/11/17 6:30 p.m.•43 views

CVE-2009-3963

Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.

7.5CVSS6.8AI score0.0036EPSS

CVE•added 2008/02/06 12:0 p.m.•35 views

CVE-2008-0612

Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

7.5CVSS7.1AI score0.04025EPSS

CVE•added 2007/10/03 2:17 p.m.•34 views

CVE-2007-5188

Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist tha...

7.5CVSS7AI score0.01003EPSS

CVE•added 2005/05/02 4:0 a.m.•33 views

CVE-2005-0743

The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.

7.5CVSS7.4AI score0.00911EPSS

CVE•added 2006/08/28 9:4 p.m.•31 views

CVE-2006-4417

SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.

7.5CVSS8.8AI score0.01367EPSS

CVE•added 2008/07/25 1:41 p.m.•31 views

CVE-2008-3296

Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informa...

7.5CVSS6.9AI score0.01398EPSS

CVE•added 2008/02/06 12:0 p.m.•26 views

CVE-2008-0611

SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8.4AI score0.00249EPSS