Description

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.

Remediation

References

CVE-2017-11174

Related Vulnerabilities

WordPress Plugin Google Forms Unspecified Vulnerability (0.93)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14885)

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.18)

WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2)

MySQL CVE-2024-20996 Vulnerability (CVE-2024-20996)

Severity

Critical

Classification

CVE-2017-11174 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities