Vulnerabilities > Xoops > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-05-09 | CVE-2007-2543 | SQL Injection vulnerability in Xoops Flashgames Module 1.0.1 SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | 7.5 |
| 2007-04-30 | CVE-2007-2370 | SQL-Injection vulnerability in John Mordo Jobs Module SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. | 7.5 |
| 2007-04-12 | CVE-2007-1979 | SQL Injection vulnerability in Bluemoon Inc. PopnupBlog XOOPS Module SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. | 7.5 |
| 2007-04-12 | CVE-2007-1974 | SQL Injection vulnerability in XOOPS Module ZMagazine Print.PHP SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. | 7.5 |
| 2007-04-11 | CVE-2007-1962 | SQL Injection vulnerability in Xoops Wf-Snippets SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | 7.5 |
| 2007-04-11 | CVE-2007-1960 | SQL Injection vulnerability in Xoops Rha7 Downloads Module 1.0/1.10 SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter. | 7.5 |
| 2007-04-03 | CVE-2007-1847 | SQL Injection vulnerability in XOOPS Module Repository ViewCat.PHP SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
| 2007-04-03 | CVE-2007-1846 | SQL Injection vulnerability in Malaika System MyAds Xoops Module SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341. | 7.5 |
| 2007-04-03 | CVE-2007-1838 | SQL Injection vulnerability in Xoops Friendfinder Module View.PHP SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2007-04-02 | CVE-2007-1816 | SQL-Injection vulnerability in Tutoriais Module SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |