Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xoops xoops vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2017-7290
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions prior to 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
Xoops Xoops 2.5.8.1
Xoops Xoops 2.5.7.3
Xoops Xoops 2.5.7.2
785
VMScore
CVE-2007-6380
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote malicious users to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections...
E-xoops E-xoops 1.05 Rev1
E-xoops E-xoops 1.05 Rev3
E-xoops E-xoops 1.05 Rev2
E-xoops E-xoops 1.08
7 EDB exploits
383
VMScore
CVE-2008-6885
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote malicious users to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message.
Xoops Xoops 2.3.1
Xoops Xoops 2.3.2a
755
VMScore
CVE-2008-5665
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote malicious users to execute arbitrary SQL commands via the no parameter.
Xoops Xoops
1 EDB exploit
668
VMScore
CVE-2007-5188
Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and previous versions allows remote malicious users to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, p...
Xoops Xoops
505
VMScore
CVE-2003-1550
XOOPS 2.0, and possibly earlier versions, allows remote malicious users to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.
Xoops Xoops
1 EDB exploit
445
VMScore
CVE-2007-6675
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS prior to 2.0.18 does not check permissions, which allows remote malicious users to read the comments in restricted modules.
Xoops Xoops
578
VMScore
CVE-2014-8999
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS prior to 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
Xoops Xoops
383
VMScore
CVE-2005-2338
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and previous versions, XOOPS 2.0.13.1 and previous versions, and 2.2.x up to 2.2.3 RC1 allow remote malicious users to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2...
Xoops Xoops
668
VMScore
CVE-2006-4417
SQL injection vulnerability in edituser.php in Xoops prior to 2.0.15 allows remote malicious users to execute arbitrary SQL commands via the user_avatar parameter.
Xoops Xoops
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »