Vulnerability Database

290,301

Total vulnerabilities in the database

CVE-2017-7290

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.

  • Published: Mar 30, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-7290
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
xoops / xoops 2.5.7.2 2.5.7.2.x
xoops / xoops 2.5.8.1 2.5.8.1.x
xoops / xoops 2.5.7.3 2.5.7.3.x