| VID |
210048 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The XOOPS program is vulnerable to an SQL injection vulnerability via the 'modules/articles/print.php' script. XOOPS is a dynamic object oriented based open source portal system written in PHP. XOOPS Articles Module version 1.02 and earlier versions are vulnerable to an SQL injection vulnerability, caused by improper validation of user-supplied input passed to the 'id' parameter of the 'modules/articles/print.php' script. Regardless of PHP's 'magic_quotes_gpc' setting, this vulnerability could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://www.securityfocus.com/archive/1/463916/30/0/threaded
* Platforms Affected:
XOOPS Articles Module version 1.02 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Xoops Articles Module (1.03 or later), available from the Xoops Articles Module Web site at http://sourceforge.net/projects/xoops/files/XOOPS%20Module%20Repository/XOOPS2/ |
| Related URL |
(CVE) |
| Related URL |
23160 (SecurityFocus) |
| Related URL |
33246 (ISS) |
|
