Family: CGI abuses --> Category: attack
Xoops < 2.0.12 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in Xoops < 2.0.12
Detailed Explanation for this Vulnerability Test
The remote web server contains several PHP scripts that are prone to
SQL injection and cross-site scripting attacks.
The installed version of Xoops on the remote host is affected by
several vulnerabilities:
- A SQL Injection Vulnerability
The bundled XMLRPC server fails to sanitize user-supplied
input to the 'xmlrpc.php' script. An attacker can exploit
this flaw to launch SQL injection attacks, which may lead to
authentication bypass, disclosure of sensitive information,
attacks against the underlying database, and the like.
- Multiple Cross-Site Scripting Vulnerabilities
An attacker can inject arbitrary HTML and script code
through the 'order' and 'cid' parameters of the
'modules/repository/comment_edit.php' scripts respectively,
which could result in disclosure of administrative session
Upgrade to Xoops version 2.0.12 or later.
Medium / CVSS Base Score : 5