Xoops CVE Vulnerabilities & CVE List (88)

Products (CPE): — CVEs: 88

Xoops vulnerability overview

Aggregates CVE and security vulnerability intelligence across all Xoops-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk sql injection, vendor risk cross-site scripting, vendor risk path handling, and vendor risk open redirect and related problems; some flaws may lead to vendor impact data exposure.

Vulnerability distribution trend (last 24 months)

Showing 4160 of 88 CVEs
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2007-6675 The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules. [email protected] 5.0 1.23% 2008-01-08 2026-06-16
CVE-2007-5978 SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. [email protected] 7.5 0.99% 2007-11-14 2026-06-16
CVE-2007-5188 Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension. [email protected] 7.5 2.44% 2007-10-03 2026-06-16
CVE-2007-3311 SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. [email protected] 7.5 1.04% 2007-06-21 2026-06-16
CVE-2007-3289 PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. [email protected] 7.5 12.19% 2007-06-20 2026-06-16
CVE-2007-3237 PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. [email protected] 6.8 67.66% 2007-06-14 2026-06-16
CVE-2007-3236 PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. [email protected] 7.5 76.98% 2007-06-14 2026-06-16
CVE-2007-3222 PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. [email protected] 7.5 7.44% 2007-06-14 2026-06-16
CVE-2007-3221 PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. [email protected] 6.8 67.81% 2007-06-14 2026-06-16
CVE-2007-3220 PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656. [email protected] 6.8 62.75% 2007-06-14 2026-06-16
CVE-2007-3057 PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. [email protected] 6.8 68.67% 2007-06-05 2026-06-16
CVE-2007-2738 SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. [email protected] 7.5 1.05% 2007-05-17 2026-06-16
CVE-2007-2737 SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. [email protected] 7.5 0.93% 2007-05-17 2026-06-16
CVE-2007-2571 SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. [email protected] 7.5 1.00% 2007-05-09 2026-06-16
CVE-2007-2543 SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. [email protected] 7.5 1.20% 2007-05-08 2026-06-16
CVE-2007-2370 SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. [email protected] 7.5 2.88% 2007-04-30 2026-06-16
CVE-2007-1979 SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. [email protected] 7.5 2.17% 2007-04-11 2026-06-16
CVE-2007-1976 PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack [email protected] 7.5 1.97% 2007-04-11 2026-06-16
CVE-2007-1974 SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. [email protected] 7.5 5.53% 2007-04-11 2026-06-16
CVE-2007-1962 SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. [email protected] 7.5 1.04% 2007-04-11 2026-06-16
cvelogic Threat Intelligence