XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2002-2391)

Description

SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.

Remediation

References

CVE-2002-2391

Related Vulnerabilities

MySQL CVE-2019-2534 Vulnerability (CVE-2019-2534)

Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919)

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40888)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.2.13)

WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Unspecified Vulnerability (2.10.5)

Severity

High

Classification

CVE-2002-2391 CWE-138

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities