Vulnerabilities > Xoops > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-06 | CVE-2008-0611 | SQL Injection vulnerability in multiple products SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2007-11-15 | CVE-2007-5978 | SQL Injection vulnerability in Xoops Mylinks Module 2.0.17.1 SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | 7.5 |
| 2007-10-03 | CVE-2007-5188 | Unspecified vulnerability in Xoops Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension. | 7.5 |
| 2007-06-21 | CVE-2007-3311 | SQL-Injection vulnerability in Articles Module SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2007-06-20 | CVE-2007-3289 | Remote Security vulnerability in Xoops Wiwimod Module 0.4 PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 7.5 |
| 2007-06-15 | CVE-2007-3236 | Remote File Include vulnerability in Xoops Horoscope Module 1.0 PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | 7.5 |
| 2007-06-14 | CVE-2007-3222 | Remote File Include vulnerability in Xoops Xfsection Module 1.07 PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. | 7.5 |
| 2007-05-17 | CVE-2007-2738 | SQL Injection vulnerability in XOOPS Module Glossarie Glossaire-P-F.PHP SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | 7.5 |
| 2007-05-17 | CVE-2007-2737 | SQL-Injection vulnerability in Xoops Myconference Module 1.0 SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
| 2007-05-09 | CVE-2007-2571 | SQL Injection vulnerability in Xoops Wfquotes Module SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | 7.5 |