Vulnerabilities > Xoops > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-04-02 | CVE-2007-1815 | SQL-Injection vulnerability in Library Module SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
| 2007-04-02 | CVE-2007-1814 | SQL-Injection vulnerability in Core Module SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377. | 7.5 |
| 2007-01-19 | CVE-2007-0377 | SQL Injection vulnerability in Xoops 2.0.16 Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors. | 7.5 |
| 2006-08-28 | CVE-2006-4417 | SQL Injection vulnerability in Xoops Edituser.PHP SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter. | 7.5 |
| 2005-11-18 | CVE-2005-3681 | Unspecified vulnerability in Xoops Wf-Downloads 2.05 SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter. | 7.5 |
| 2005-07-05 | CVE-2005-2113 | SQL-Injection vulnerability in Xoops SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method. | 7.5 |
| 2005-05-02 | CVE-2005-0743 | Remote Arbitrary PHP File Upload vulnerability in Xoops Custom Avatar The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered. | 7.5 |
| 2002-12-31 | CVE-2002-2391 | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. | 7.5 |
| 2002-05-16 | CVE-2002-0217 | Unspecified vulnerability in Xoops 1.0Rc1 Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php. | 7.5 |