Vulnerabilities > Xoops

DATE CVE VULNERABILITY TITLE RISK
2008-01-08 CVE-2008-0138 SQL Injection vulnerability in Xoops Xoopsgallery Module 1.3.39
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
network
xoops CWE-89
6.8
2008-01-08 CVE-2007-6675 Permissions, Privileges, and Access Controls vulnerability in Xoops
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.
network
low complexity
xoops CWE-264
5.0
2007-11-15 CVE-2007-5978 SQL Injection vulnerability in Xoops Mylinks Module 2.0.17.1
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
network
low complexity
xoops CWE-89
7.5
2007-10-03 CVE-2007-5188 Unspecified vulnerability in Xoops
Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension.
network
low complexity
xoops
7.5
2007-06-21 CVE-2007-3311 SQL-Injection vulnerability in Articles Module
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
xoops
7.5
2007-06-20 CVE-2007-3289 Remote Security vulnerability in Xoops Wiwimod Module 0.4
PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.
network
low complexity
xoops
7.5
2007-06-15 CVE-2007-3237 Remote Security vulnerability in Xoops Tinycontent Module 1.5
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.
network
xoops
6.8
2007-06-15 CVE-2007-3236 Remote File Include vulnerability in Xoops Horoscope Module 1.0
PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter.
network
low complexity
xoops
7.5
2007-06-14 CVE-2007-3222 Remote File Include vulnerability in Xoops Xfsection Module 1.07
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter.
network
low complexity
xoops
7.5
2007-06-14 CVE-2007-3221 Remote File Include vulnerability in Xoops XT-Conteudo Module Spaw_Control.Class.PHP
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.
network
xoops
6.8