Vulnerabilities > Xoops
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-14 | CVE-2007-3220 | Unspecified vulnerability in Xoops Cjay Content Module 3 PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. network xoops | 6.8 |
| 2007-06-06 | CVE-2007-3057 | Module Spaw_Control.Class.PHP Remote File Include vulnerability in Xoops Icontent Module 4.5 PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. network xoops | 6.8 |
| 2007-05-17 | CVE-2007-2738 | SQL Injection vulnerability in XOOPS Module Glossarie Glossaire-P-F.PHP SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | 7.5 |
| 2007-05-17 | CVE-2007-2737 | SQL-Injection vulnerability in Xoops Myconference Module 1.0 SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
| 2007-05-09 | CVE-2007-2571 | SQL Injection vulnerability in Xoops Wfquotes Module SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | 7.5 |
| 2007-05-09 | CVE-2007-2543 | SQL Injection vulnerability in Xoops Flashgames Module 1.0.1 SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | 7.5 |
| 2007-04-30 | CVE-2007-2370 | SQL-Injection vulnerability in John Mordo Jobs Module SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. | 7.5 |
| 2007-04-12 | CVE-2007-1979 | SQL Injection vulnerability in Bluemoon Inc. PopnupBlog XOOPS Module SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. | 7.5 |
| 2007-04-12 | CVE-2007-1974 | SQL Injection vulnerability in XOOPS Module ZMagazine Print.PHP SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. | 7.5 |
| 2007-04-11 | CVE-2007-1962 | SQL Injection vulnerability in Xoops Wf-Snippets SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | 7.5 |