Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xoops xoops 2.5.8.1 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2017-7290
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions prior to 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
Xoops Xoops 2.5.8.1
Xoops Xoops 2.5.7.3
Xoops Xoops 2.5.7.2
7.5
CVSSv2
CVE-2017-11174
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
Xoops Xoops 2.5.8.1
4.3
CVSSv2
CVE-2017-7944
XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php.
Xoops Xoops 2.5.8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started