XOOPS-magazine
Hauptmenu
Sidebar Navigation
Kategorien
Monatsarchive
RSS Feed
suck my

Breadcrumbs: Startseite

Social-Bookmarks
 
« Release of ImpressCMS 1.0 -Janus- Release Candidate
XOOPS 2.0.18.1 Released »

9 SQL Injection Vulnerability in modules

22. Februar 2008
Rene Sato (Views: 1187)

english.gif german.gif

SQL Injection Vulnerability in a many modules

1 XOOPS Tiny Event ‘print’ Option SQL Injection Vulnerability (Vulnerabilities)
Last modified on: 2008-02-21 00:00:00 MST
URL: http://www.securityfocus.com/bid/27931
2 XOOPS ‘prayerlist’ Module ‘cid’ Parameter SQL Injection Vulnerability (Vulnerabilities)
Last modified on: 2008-02-21 00:00:00 MST
URL: http://www.securityfocus.com/bid/27934
3 XOOPS eEmpregos Module ‘index.php’ SQL Injection Vulnerability (Vulnerabilities)
Last modified on: 2008-02-20 00:00:00 MST
URL: http://www.securityfocus.com/bid/27905
4 XOOPS ‘classifieds’ Module ‘cid’ Parameter SQL Injection Vulnerability (Vulnerabilities)
Last modified on: 2008-02-19 00:00:00 MST
URL: http://www.securityfocus.com/bid/27895
5 XOOPS ‘vacatures’ Module ‘cid’ Parameter SQL Injection Vulnerability (Vulnerabilities)
Last modified on: 2008-02-19 00:00:00 MST
URL: http://www.securityfocus.com/bid/27889
6 XOOPS ‘badliege’ Module ‘id’ Parameter SQL Injection Vulnerability (Vulnerabilities)
Last modified on: 2008-02-19 00:00:00 MST
URL: http://www.securityfocus.com/bid/27892
7 XOOPS ‘events’ Module ‘id’ Parameter SQL Injection Vulnerability (Vulnerabilities)
Last modified on: 2008-02-19 00:00:00 MST
URL: http://www.securityfocus.com/bid/27890
8 XOOPS ’seminars’ Module ‘id’ Parameter SQL Injection Vulnerability (Vulnerabilities)
Last modified on: 2008-02-19 00:00:00 MST
URL: http://www.securityfocus.com/bid/27891
9 XOOPS myTopics Module ‘print.php’ SQL Injection Vulnerability (Vulnerabilities)
Last modified on: 2008-02-18 00:00:00 MST
URL: http://www.securityfocus.com/bid/27861
Modules, Security

1 Kommentar

  1. Kommentar von Rene Sato:
    26. Februar 2008 @ 10:36

    XM-Memberstats - SQL Injection.

    Description:
    Two vulnerabilities have been discovered in the XM-Memberstats module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks.

    Input passed to the “letter” and “sortby” parameters in xmmemberstats/index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

    The vulnerabilities are confirmed in version 2.0e. Other versions may also be affected.

    Solution:
    Edit the source code to ensure that input is properly sanitised.

    Provided and/or discovered by:
    Affected “sortby” parameter reported as cross-site scripting vulnerability in RMSOFT Gallery Script by t0fx.
    Affected “letter” parameter reported by an anonymous person.

    Original Advisory:
    t0fx:
    http://www.xssing.com/index.php?x=3&y=12

Einen Kommentar hinterlassen

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 5 chars within 0..9 and A..F, and submit the form.

  

Oh no, I cannot read this. Please, generate a

Powered by XOOPS 2.0.16 © 2001-2007 The XOOPS Project

Design by XOOPS-magazine.com Powered by XOOPS 2.0.16 | Ref: 1220635962
Impressum / Disclaimer Impressum | Kontakt / Contact Kontakt | Xoops Headlines all Xoops-Headlines | Xoops Headlines Sitemap | Xoops Headlines Stats

Admin-Infos: 0.85 Sekunden / secounds + 3 Abfragen / queries
Special thanks to Link > matchan matchan and Link > kruxmux kruxmux!


xoops topliste