Xoops Security Vulnerabilities and Issues — Xoops CVE List

Lucene search

XoopsXoops

3 matches found

CVE•added 2006/05/22 10:2 p.m.•48 views

CVE-2006-2516

mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index...

5.1CVSS6.7AI score0.05235EPSS

CVE•added 2006/11/08 11:7 p.m.•43 views

CVE-2006-5810

Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.

6.8CVSS6AI score0.00353EPSS

CVE•added 2006/08/28 9:4 p.m.•31 views

CVE-2006-4417

SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.

7.5CVSS8.8AI score0.01367EPSS