Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xoops vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-3220
PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote malicious users to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656.
Xoops Cjay Content Module 3
1 EDB exploit
7.5
CVSSv2
CVE-2007-1846
SQL injection vulnerability in index.php in the MyAds 2.04jp and previous versions module for Xoops allows remote malicious users to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.
Xoops Malaika System Myads Module
1 EDB exploit
7.5
CVSSv2
CVE-2008-0936
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote malicious users to execute arbitrary SQL commands via the cid parameter in a view action.
Xoops Prayer List Module 1.04
1 EDB exploit
4.3
CVSSv2
CVE-2009-4713
Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote malicious users to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to ...
Alexandre Amaral Xoops Celepar 1.0.1
1 EDB exploit
4.3
CVSSv2
CVE-2009-4714
Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.
Alexandre Amaral Xoops Celepar 1.0.1
1 EDB exploit
7.5
CVSSv2
CVE-2007-2370
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and previous versions module for XOOPS allows remote malicious users to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
Xoops John Mordo Jobs Module
1 EDB exploit
7.5
CVSSv2
CVE-2007-5115
Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Contenido 42VariablVersion (42VV10) in contenido_hacks in Mods 4 Xoops Contenido eZ publish (pdf4cms) allow remote malicious users to execute arbitrary PHP code via a URL in the cfgPathInc parameter to (1) main_upl...
Ekke Doerre Mods 4 Xoops Contenido Ez Publish
6.8
CVSSv2
CVE-2008-0937
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote malicious users to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
Tinyevent Tinyevent 1.01
Xoops Tiny Event Module 1.01
1 EDB exploit
7.5
CVSSv2
CVE-2005-0725
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote malicious users to execute arbitrary SQL commands via the articleid parameter to article.php.
Wf-sections Wf-sections 1.07
3 EDB exploits
7.5
CVSSv2
CVE-2008-5321
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote malicious users to execute arbitrary SQL commands via the no parameter.
Xoops Hocasi Gesgaleri Nil
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »