Categories

Applications (255)
Blogs (7)
Content Management (167)
Customer Relationship (4)
Discussion Boards (37)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (366)
Access Bypass (55)
Cross Site Scripting (138)
Denial Of Service (2)
File Inclusion (54)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (17)
Session Hijacking (2)
SQL Injection (140)
« WebSPELL “picture.php” Information Leaking
PunBB Multiple XSS »

Xoops Module SQL Injection

Published by CS Lee April 9th, 2007 in SQL Injection.

Application: Xoops Jobs Module
Version: 2.4 or earlier
Vendor’s URL: http://www.xoops.org/
Bug Type: Sql Injection
Risk: Medium

Solution:
- Edit the source code to ensure that input is properly sanitized
- Waiting for official patch or update

0 Responses to “Xoops Module SQL Injection”

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply

You must login to post a comment.

« WebSPELL “picture.php” Information Leaking
PunBB Multiple XSS »

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional