SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and previous versions allows remote malicious users to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xoops xoops 2.0 |
||
xoops xoops 2.0.1 |
||
xoops xoops 2.0.5.1 |
||
xoops xoops 2.0.5.2 |
||
xoops xoops 2.0.4 |
||
xoops xoops 2.0.5 |
||
xoops xoops 2.0.10 |
||
xoops xoops 2.0.11 |
||
xoops xoops 2.0.6 |
||
xoops xoops 2.0.7 |
||
xoops xoops 2.0.2 |
||
xoops xoops 2.0.3 |
||
xoops xoops 2.0.9 |
||
xoops xoops 2.0.9.2 |
||
xoops xoops 2.0.9.3 |