Xoops

Xoops

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-2035

  • EPSS 1.07%
  • Veröffentlicht 30.04.2008 16:17:00
  • Zuletzt bearbeitet 16.06.2026 22:52:58

Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules...

5

CVE-2008-0613

Exploit
  • EPSS 2.04%
  • Veröffentlicht 06.02.2008 12:00:00
  • Zuletzt bearbeitet 16.06.2026 22:49:59

Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.

7.5

CVE-2008-0612

Exploit
  • EPSS 2.78%
  • Veröffentlicht 06.02.2008 12:00:00
  • Zuletzt bearbeitet 16.06.2026 22:49:59

Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

7.5

CVE-2008-0611

  • EPSS 0.93%
  • Veröffentlicht 06.02.2008 12:00:00
  • Zuletzt bearbeitet 16.06.2026 22:49:59

SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.

5

CVE-2007-6675

Exploit
  • EPSS 1.23%
  • Veröffentlicht 08.01.2008 19:46:00
  • Zuletzt bearbeitet 16.06.2026 22:48:33

The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.

7.5

CVE-2007-5188

  • EPSS 2.44%
  • Veröffentlicht 03.10.2007 14:17:00
  • Zuletzt bearbeitet 16.06.2026 22:45:37

Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimety...

7.5

CVE-2007-0377

Exploit
  • EPSS 2.05%
  • Veröffentlicht 19.01.2007 23:28:00
  • Zuletzt bearbeitet 16.06.2026 22:35:27

Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other un...

6.8

CVE-2006-5810

Exploit
  • EPSS 1.56%
  • Veröffentlicht 08.11.2006 23:07:00
  • Zuletzt bearbeitet 16.06.2026 22:31:55

Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.

7.5

CVE-2006-4417

  • EPSS 1.64%
  • Veröffentlicht 28.08.2006 21:04:00
  • Zuletzt bearbeitet 16.06.2026 22:29:03

SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.

5.1

CVE-2006-2516

Exploit
  • EPSS 6.35%
  • Veröffentlicht 22.05.2006 22:02:00
  • Zuletzt bearbeitet 16.06.2026 22:25:12

mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] t...