Vulnerabilities > Xoops
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-08 | CVE-2008-0138 | SQL Injection vulnerability in Xoops Xoopsgallery Module 1.3.39 PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | 6.8 |
2008-01-08 | CVE-2007-6675 | Permissions, Privileges, and Access Controls vulnerability in Xoops The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules. | 5.0 |
2007-11-15 | CVE-2007-5978 | SQL Injection vulnerability in Xoops Mylinks Module 2.0.17.1 SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | 7.5 |
2007-10-03 | CVE-2007-5188 | Unspecified vulnerability in Xoops Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension. | 7.5 |
2007-06-21 | CVE-2007-3311 | SQL-Injection vulnerability in Articles Module SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-06-20 | CVE-2007-3289 | Remote Security vulnerability in Xoops Wiwimod Module 0.4 PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 7.5 |
2007-06-15 | CVE-2007-3237 | Remote Security vulnerability in Xoops Tinycontent Module 1.5 PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. network xoops | 6.8 |
2007-06-15 | CVE-2007-3236 | Remote File Include vulnerability in Xoops Horoscope Module 1.0 PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | 7.5 |
2007-06-14 | CVE-2007-3222 | Remote File Include vulnerability in Xoops Xfsection Module 1.07 PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. | 7.5 |
2007-06-14 | CVE-2007-3221 | Remote File Include vulnerability in Xoops XT-Conteudo Module Spaw_Control.Class.PHP PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. network xoops | 6.8 |