Filtered by vendor Xoops
Subscribe
Total
101 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2024-02-04 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | |||||
CVE-2008-0611 | 2 Rmsoft, Xoops | 2 Gallery System, Xoops | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-1979 | 1 Xoops | 1 Xoops Popnupblog | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. | |||||
CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | |||||
CVE-2006-5532 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-3289 | 1 Xoops | 1 Wiwimod Module | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
CVE-2008-0874 | 1 Xoops | 1 Eempregos Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
CVE-2008-0612 | 1 Xoops | 1 Xoops | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
CVE-2007-3220 | 1 Xoops | 1 Cjay Content Module | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656. | |||||
CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2008-1065 | 1 Xoops | 1 Xm Memberstats | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-3311 | 1 Xoops | 1 Articles Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-3057 | 1 Xoops | 1 Icontent Module | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
CVE-2007-1816 | 1 Xoops | 1 Tutoriais Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2007-3237 | 1 Xoops | 1 Tinycontent Module | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | |||||
CVE-2007-1838 | 1 Xoops | 1 Friendfinder Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-1960 | 1 Xoops | 1 Rha7 Downloads Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
CVE-2007-5978 | 1 Xoops | 1 Mylinks Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
CVE-2008-0613 | 1 Xoops | 1 Xoops | 2024-02-04 | 5.0 MEDIUM | N/A |
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. |