Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xoops xoops 2.0.16 |