Categories

Applications (244)
Blogs (7)
Content Management (158)
Customer Relationship (4)
Discussion Boards (35)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (357)
Access Bypass (53)
Cross Site Scripting (134)
Denial Of Service (2)
File Inclusion (53)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (17)
Session Hijacking (2)
SQL Injection (137)
« Wordpress “”PHP_SELF” XSS
Xoops Module SQL Injection »

Xoops Module SQL Injection

Published by CS Lee April 9th, 2007 in SQL Injection.

Application: Xoops WF-Snippets Module
Version: WF-Snippets 1.03 or earlier
Vendor’s URL: http://www.xoops.org/
Bug Type: Sql Injections
Risk: Medium

Solution:
- Edit the source code to ensure that input is properly sanitized
- Waiting for official patch or update

0 Responses to “Xoops Module SQL Injection”

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply

You must login to post a comment.

« Wordpress “”PHP_SELF” XSS
Xoops Module SQL Injection »

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional