CVE-2017-11174: SQL Injection
First published: Wed Jul 12 2017(Updated: )
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| E-xoops | =2.5.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11174?
CVE-2017-11174 has a medium severity rating due to its potential for SQL Injection vulnerabilities.
How do I fix CVE-2017-11174?
To fix CVE-2017-11174, upgrade to a patched version of XOOPS beyond 2.5.8.1.
What types of attacks can CVE-2017-11174 facilitate?
CVE-2017-11174 can facilitate SQL Injection attacks, allowing an attacker to manipulate database queries.
Which software versions are affected by CVE-2017-11174?
The only affected version by CVE-2017-11174 is XOOPS 2.5.8.1.
What components are involved in CVE-2017-11174?
CVE-2017-11174 specifically involves the install/page_dbsettings.php file in the XOOPS Core distribution.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/xoops
- canonical/e-xoops
- version/e-xoops/2.5.8.1