Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
XOOPS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-11174 - Vulnerability Database
XOOPS

XOOPS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-11174

Critical
Reference: CVE-2017-11174
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-11174
Title: XOOPS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1 unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page related to use of GBK in CHARACTER SET and COLLATE clauses.