XOOPS 2.5.9 - SQL Injection

2019-05-13 21:05:13

[+] Sql Injection on XOOPS CMS v.2.5.9

[+] Date: 12/05/2019

[+] Risk: High

[+] CWE Number : CWE-89

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: https://xoops.org/

[+] Contact: [email protected]

[+] Tested on: Windows 7 and Gnu/Linux

[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)

[+] Exploit :

http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]


[+] EOF

Fixes

No fixes

In order to submit a new fix you need to be registered.