CVE-2017-7290
Summary
| CVE | CVE-2017-7290 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-03-30 07:59:00 UTC |
| Updated | 2017-04-03 13:42:00 UTC |
| Description | SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Xoops | Xoops | 2.5.7.2 | All | All | All |
| Application | Xoops | Xoops | 2.5.7.3 | All | All | All |
| Application | Xoops | Xoops | 2.5.8.1 | All | All | All |
| Application | Xoops | Xoops | 2.5.7.2 | All | All | All |
| Application | Xoops | Xoops | 2.5.7.3 | All | All | All |
| Application | Xoops | Xoops | 2.5.8.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| XOOPS CVE-2017-7290 SQL Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| PoC: CVE-2017-7290 · GitHub | MISC | gist.github.com | Exploit, Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.