SQL injection vulnerability in index.php in the PopnupBlog 2.52 and previous versions module for Xoops allows remote malicious users to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xoops xoops popnupblog |