Filtered by vendor Xoops
Subscribe
Total
101 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0847 | 1 Xoops | 1 Mytopics | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
| CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | |||||
| CVE-2007-1816 | 1 Xoops | 1 Tutoriais Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5321 | 2 Xoops, Xoops Hocasi | 2 Xoops, Gesgaleri | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter. | |||||
| CVE-2009-2162 | 2 Ishii, Xoops | 2 Pukiwikimod, Xoops | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2006-5810 | 1 Xoops | 1 Xoops | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter. | |||||
| CVE-2008-0611 | 2 Rmsoft, Xoops | 2 Gallery System, Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0138 | 1 Xoops | 1 Xoopsgallery Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | |||||
| CVE-2009-4582 | 1 Xoops | 1 Xoops Dictionary | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | |||||
| CVE-2008-5768 | 2 Sirium, Xoops | 2 Am Events Module, Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0874 | 1 Xoops | 1 Eempregos Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
| CVE-2008-2094 | 1 Xoops | 1 Article Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0612 | 1 Xoops | 1 Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-1815 | 1 Xoops | 1 Library Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-0936 | 1 Xoops | 1 Prayer List Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
| CVE-2008-4653 | 1 Xoops | 2 Makale, Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0613 | 1 Xoops | 1 Xoops | 2025-04-09 | 5.0 MEDIUM | N/A |
| Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. | |||||
| CVE-2005-2112 | 1 Xoops | 1 Xoops | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. | |||||