CVE-2005-2113 - SQL-Injection vulnerability in Xoops

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Tags: network, low complexity, xoops, nessus, exploit available

Summary

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.

Exploit-Db

  • description: XOOPS <= 2.0.11 xmlrpc.php SQL Injection Exploit. CVE-2005-2113. Webapps exploit for php platform
    id: EDB-ID:1082
    last seen: 2016-01-31
    modified: 2005-07-04
    published: 2005-07-04
    reporter: RusH
    source: https://www.exploit-db.com/download/1082/
    title: XOOPS <= 2.0.11 xmlrpc.php SQL Injection Exploit
  • description: XOOPS < 2.0.11 - Multiple Vulnerabilities. CVE-2005-2112, CVE-2005-2113. Webapps exploit for PHP platform
    id: EDB-ID:43827
    last seen: 2018-01-24
    modified: 2015-06-29
    published: 2015-06-29
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/43827/
    title: XOOPS < 2.0.11 - Multiple Vulnerabilities

Nessus

  • NASL family: CGI abuses
    NASL id: XOOPS_2012.NASL
    description: The installed version of XOOPS on the remote host is affected by several vulnerabilities: - A SQL Injection Vulnerability The bundled XMLRPC server fails to sanitize user-supplied input to the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18614
    published: 2005-07-05
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18614
    title: XOOPS < 2.0.12 Multiple Vulnerabilities