CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7290

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.6%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

http://www.securityfocus.com/bid/97230
https://gist.github.com/jk1986/3b304ac6b4ae52ae667bba380c2dce19
http://www.securityfocus.com/bid/97230
https://gist.github.com/jk1986/3b304ac6b4ae52ae667bba380c2dce19

Products affected by CVE-2017-7290

Xoops » Xoops » Version: 2.5.7.2

cpe:2.3:a:xoops:xoops:2.5.7.2
Xoops » Xoops » Version: 2.5.7.3

cpe:2.3:a:xoops:xoops:2.5.7.3
Xoops » Xoops » Version: 2.5.8.1

cpe:2.3:a:xoops:xoops:2.5.8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7290

Products

Pricing

Contact Us