CVE-2008-2094
Published 2008-05-06
CVE-2008-2094: SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority P339 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.98% (57.8th percentile)
No detection rules found.
Exploit-DB
XOOPS 2.0.14 - 'article.php' SQL Injection
exploitdb·2010-08-28
---
# [#] XOOPS 2.0.14 (article.php) SQL Injection Vulnerability #
# [#] Discovered By []0iZy5 #
# [#] http://r00tDefaced.com & uNkn0wn.
Exploit-DB
XOOPS 2.0.14 Article Module - 'article.php' SQL Injection
exploitdb·2008-04-21
---
source: https://www.securityfocus.com/bid/28879/info
XOOPS Article module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
# Exploit :
#############################################
#Coded By Cr@zy_King http://coderx.org]#
#############################################
use IO::Socket;
if (@ARGV != 3)
{
print "\n-----------------------------------\n";
print "Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it\n";
print "------------------------------
No writeups or analysis indexed.
http://securityreason.com/securityalert/3856
http://www.securityfocus.com/archive/1/491150/100/0/threaded
http://www.securityfocus.com/bid/28879
https://exchange.xforce.ibmcloud.com/vulnerabilities/41943
2008-05-06: Published