Shodan
Vulnerabilities
Vulnerable Software
Xoops:  Security Vulnerabilities
CVE-2007-1976
PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack
CVSS Score
7.5
EPSS Score
0.011
Published
2007-04-12
CVE-2007-1960
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-04-11
CVE-2007-1962
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
CVSS Score
7.5
EPSS Score
0.005
Published
2007-04-11
CVE-2007-1846
SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-04-03
CVE-2007-1847
SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-04-03
CVE-2007-1838
SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2007-04-03
CVE-2007-1814
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-04-02
CVE-2007-1815
SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-04-02
CVE-2007-1816
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-04-02
CVE-2007-0377
Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.
CVSS Score
7.5
EPSS Score
0.008
Published
2007-01-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved