Categories

Applications (255)
Blogs (7)
Content Management (167)
Customer Relationship (4)
Discussion Boards (37)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (366)
Access Bypass (55)
Cross Site Scripting (138)
Denial Of Service (2)
File Inclusion (54)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (17)
Session Hijacking (2)
SQL Injection (140)
« Xoops Module SQL Injection
WebSPELL “picture.php” Information Leaking »

Xoops Module SQL Injection

Published by CS Lee April 9th, 2007 in SQL Injection.

Application: Xoops WF-Links Module
Version: 1.03 or earlier
Vendor’s URL: http://www.xoops.org/
Bug Type: Sql Injection
Risk: Medium

Solution:
- Waiting for official patch or update
- Edit the source code to ensure that input is properly sanitized

0 Responses to “Xoops Module SQL Injection”

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply

You must login to post a comment.

« Xoops Module SQL Injection
WebSPELL “picture.php” Information Leaking »

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional