Vulnerabilities > CVE-2005-2113 - Unspecified vulnerability in Xoops

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
xoops
nessus
exploit available
NVD
Published: 2005-07-05
Updated: 2024-11-20

Summary

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.

Vulnerable Configurations

Part Description Count
Application
Xoops
15

Exploit-Db

  • descriptionXOOPS <= 2.0.11 xmlrpc.php SQL Injection Exploit. CVE-2005-2113. Webapps exploit for php platform
    idEDB-ID:1082
    last seen2016-01-31
    modified2005-07-04
    published2005-07-04
    reporterRusH
    sourcehttps://www.exploit-db.com/download/1082/
    titleXOOPS <= 2.0.11 xmlrpc.php SQL Injection Exploit
  • descriptionXOOPS < 2.0.11 - Multiple Vulnerabilities. CVE-2005-2112,CVE-2005-2113. Webapps exploit for PHP platform
    idEDB-ID:43827
    last seen2018-01-24
    modified2015-06-29
    published2015-06-29
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/43827/
    titleXOOPS < 2.0.11 - Multiple Vulnerabilities

Nessus

NASL familyCGI abuses
NASL idXOOPS_2012.NASL
descriptionThe installed version of XOOPS on the remote host is affected by several vulnerabilities : - A SQL Injection Vulnerability The bundled XMLRPC server fails to sanitize user- supplied input to the
last seen2020-06-01
modified2020-06-02
plugin id18614
published2005-07-05
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18614
titleXOOPS < 2.0.12 Multiple Vulnerabilities

References