Description

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.

Remediation

References

CVE-2017-7290

Related Vulnerabilities

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3)

Oracle HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5000)

WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)

PrestaShop Improper Privilege Management Vulnerability (CVE-2023-43664)

Bootstrap Select Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20921)

Severity

High

Classification

CVE-2017-7290 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities