CVE-2017-7290: SQL Injection
First published: Thu Mar 30 2017(Updated: )
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xoops Xoops | =2.5.7.2 | |
| Xoops Xoops | =2.5.7.3 | |
| Xoops Xoops | =2.5.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/xoops
- canonical/xoops xoops
- version/xoops xoops/2.5.7.2
- version/xoops xoops/2.5.7.3
- version/xoops xoops/2.5.8.1