Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
XOOPS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-7290 - Vulnerability Database
XOOPS

XOOPS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-7290

High
Reference: CVE-2017-7290
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-7290
Title: XOOPS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses quotinto outfilequot to create a backdoor program.