Xoops CMS SQL Injection Vulnerability Reported

Xoops CMS SQL Injection Vulnerability Reported

CMS Software News

Computer Security News

Text-Link-Ads New Tips For Beating Google (PageRank Penalty) Asks Bloggers To Sell Their Integrity

Linux Worm Exploits PHP XMLRPC Vulnerability

CMS Software News

Computer Security News

RELATED NEWS

Text-Link-Ads New Tips For Beating Google (PageRank Penalty) Asks Bloggers To Sell Their Integrity

Linux Worm Exploits PHP XMLRPC Vulnerability

By Angsuman Chakraborty, Gaea News Network
Thursday, June 29, 2006

KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the “lid” parameter in annonces-p-f.php isn’t properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been confirmed in version 2.04jp. Other versions may also be affected.

Solution:
Edit the source code to ensure that “lid” parameter input is sanitised.

Read about the exploit here.

Filed under: CMS Software, Computer Security, Headline News, Open Source Software, PHP, Web, Web Hosting, Web Services

Discuss Bellow

YOUR VIEW POINT

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Text-Link-Ads upped the ante in their fight against Google (in their effort to help people buy page ...

There are few reports of an attack by a new Linux worm called Lupper which exploits a well known PHP...

Older News