Description

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.

Remediation

References

CVE-2017-7290

Related Vulnerabilities

Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)

WordPress Plugin ARI Adminer-WordPress Database Manager Cross-Site Request Forgery (1.1.13)

WordPress Plugin Elementor Website Builder Multiple Cross-Site Scripting Vulnerabilities (3.1.1)

WordPress Plugin Google SEO Pressor for Rich snippets Cross-Site Scripting (1.2.6)

Joomla! Core 4.x.x Cross-Site Scripting (4.0.0 - 4.2.4)

Severity

High

Classification

CVE-2017-7290 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities