XOOPS 'include/notification_update.php' SQL Injection Vulnerability Network Vulnerability

Summary

XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to XOOPS 2.4.3 are affected.

Solution

Updates are available. Please see the references for details.

References

http://www.securityfocus.com/bid/37597
http://www.xoops.org
http://www.xoops.org/modules/news/article.php?storyid=5178

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AVTECH DVR Multiple Vulnerabilities
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
Apache Tomcat /servlet Cross Site Scripting
admin.cgi overflow

Take action and discover your vulnerabilities