CVE-2017-7290

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
References
Link Resource
https://gist.github.com/jk1986/3b304ac6b4ae52ae667bba380c2dce19 Exploit Patch Third Party Advisory
http://www.securityfocus.com/bid/97230 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xoops:xoops:2.5.8.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.5.7.3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.5.7.2:*:*:*:*:*:*:*

Information

Published : 2017-03-30 00:59

Updated : 2017-04-03 06:42


NVD link : CVE-2017-7290

Mitre link : CVE-2017-7290


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

xoops

  • xoops