Description
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.