Описание
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-4417
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28586
- http://devteam.xoops.org/releases/changelog-2.0.15.html
- http://secunia.com/advisories/21643
- http://securityreason.com/securityalert/1461
- http://www.hackers.ir/advisories/xoops.html
- http://www.osvdb.org/28265
- http://www.securityfocus.com/archive/1/444419/100/0/threaded
- http://www.securityfocus.com/bid/19720
- http://www.vupen.com/english/advisories/2006/3402
EPSS
Процентиль: 80%
0.0139
Низкий
CVE ID
Связанные уязвимости
nvd
больше 19 лет назад
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
EPSS
Процентиль: 80%
0.0139
Низкий