Shodan
Vulnerabilities
Vulnerable Software
Xoops:  Security Vulnerabilities
CVE-2007-3221
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
CVSS Score
6.8
EPSS Score
0.64
Published
2007-06-14
CVE-2007-3222
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter.
CVSS Score
7.5
EPSS Score
0.034
Published
2007-06-14
CVE-2007-3057
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
CVSS Score
6.8
EPSS Score
0.643
Published
2007-06-06
CVE-2007-2737
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-05-17
CVE-2007-2738
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-05-17
CVE-2007-2571
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-05-09
CVE-2007-2543
SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2007-05-09
CVE-2007-2370
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
CVSS Score
7.5
EPSS Score
0.005
Published
2007-04-30
CVE-2007-1979
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-04-12
CVE-2007-1974
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
CVSS Score
7.5
EPSS Score
0.035
Published
2007-04-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved