← Back

Xoops

xoops

87 CVEs • 43 products

Products (43)

Click to collapse
Toggle
Xoops
xoops
43 CVEs
Xoops Glossaire Module
xoops_glossaire_module
2 CVEs
Xoops Rmsoft Gallery System
xoops_rmsoft_gallery_system
2 CVEs
Tutoriais Module
tutoriais_module
2 CVEs
Xm Memberstats
xm_memberstats
2 CVEs
Xoops Dictionary
xoops_dictionary
1 CVE
Wf Downloads
wf-downloads
1 CVE
Xoops Pool Module
xoops_pool_module
1 CVE
Core Module
core_module
1 CVE
Library Module
library_module
1 CVE
Friendfinder Module
friendfinder_module
1 CVE
Malaika System Myads Module
malaika_system_myads_module
1 CVE
Repository Module
repository_module
1 CVE
Rha7 Downloads Module
rha7_downloads_module
1 CVE
Wf Snippets
wf-snippets
1 CVE
Happy Linux Xfsection Module
happy_linux_xfsection_module
1 CVE
Zmagazine Module
zmagazine_module
1 CVE
Xoops Virii Info Module
xoops_virii_info_module
1 CVE
Xoops Popnupblog
xoops_popnupblog
1 CVE
John Mordo Jobs Module
john_mordo_jobs_module
1 CVE
Flashgames Module
flashgames_module
1 CVE
Wfquotes Module
wfquotes_module
1 CVE
Myconference Module
myconference_module
1 CVE
Icontent Module
icontent_module
1 CVE
Cjay Content Module
cjay_content_module
1 CVE
Xt Conteudo Module
xt-conteudo_module
1 CVE
Xfsection Module
xfsection_module
1 CVE
Horoscope Module
horoscope_module
1 CVE
Tinycontent Module
tinycontent_module
1 CVE
Wiwimod Module
wiwimod_module
1 CVE
Articles Module
articles_module
1 CVE
Mylinks Module
mylinks_module
1 CVE
Xoopsgallery Module
xoopsgallery_module
1 CVE
Mytopics
mytopics
1 CVE
Eempregos Module
eempregos_module
1 CVE
Prayer List Module
prayer_list_module
1 CVE
Tiny Event Module
tiny_event_module
1 CVE
Xoops Cube
xoops_cube
1 CVE
Article Module
article_module
1 CVE
Kshop Module
kshop_module
1 CVE
Makale
makale
1 CVE
Uploader
uploader
1 CVE
Glossaire Module
glossaire_module
1 CVE

CVEs (87)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2008-5665
1Xoops
1Xoops
Apr 23, 2026
Dec 19, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2008-4653
1Xoops
1Makale
Apr 23, 2026
Oct 22, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are o...Show more
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.Show less
CVE-2008-3560
1Xoops
1Kshop Module
Apr 23, 2026
Aug 8, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2008-3296
1Xoops
1Xoops
Apr 23, 2026
Jul 25, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this...Show more
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2008-3295
1Xoops
1Xoops
Apr 23, 2026
Jul 25, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is un...Show more
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2008-2094
1Xoops
1Article Module
Apr 23, 2026
May 6, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2035
2Bluemoon
Xoops
7Backpack
BmsurveyNewbb Fileup+4 more
Apr 23, 2026
Apr 30, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) Popnu...Show more
Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2008-1351
1Xoops
1Tutoriais Module
Apr 23, 2026
Mar 17, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage act...Show more
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.Show less
CVE-2008-1065
1Xoops
1Xm Memberstats
Apr 23, 2026
Feb 28, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE:...Show more
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2008-1064
1Xoops
1Xoops Rmsoft Gallery System
Apr 23, 2026
Feb 28, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2008-1063
1Xoops
1Xm Memberstats
Apr 23, 2026
Feb 28, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
CVE-2008-0937
2Tinyevent
Xoops
2Tiny Event Module
Tinyevent
Apr 23, 2026
Feb 25, 2008
N/A· v4
N/A· v3
6.8 MEDIUM· v2
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2...Show more
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.Show less
CVE-2008-0936
1Xoops
1Prayer List Module
Apr 23, 2026
Feb 25, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
CVE-2008-0874
1Xoops
1Eempregos Module
Apr 23, 2026
Feb 21, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
CVE-2008-0847
1Xoops
1Mytopics
Apr 23, 2026
Feb 21, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
CVE-2008-0613
1Xoops
1Xoops
Apr 23, 2026
Feb 6, 2008
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
CVE-2008-0612
1Xoops
1Xoops
Apr 23, 2026
Feb 6, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-0611
2Rmsoft
Xoops
2Gallery System
Xoops
Apr 23, 2026
Feb 6, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0138
1Xoops
1Xoopsgallery Module
Apr 23, 2026
Jan 8, 2008
N/A· v4
N/A· v3
6.8 MEDIUM· v2
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLER...Show more
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.Show less
CVE-2007-6675
1Xoops
1Xoops
Apr 23, 2026
Jan 8, 2008
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.