XOOPS < 2.0.12 Multiple Vulnerabilities

high Nessus Plugin ID 18614

Synopsis

The remote web server contains several PHP scripts that are prone to SQL injection and cross-site scripting attacks.

Description

The installed version of XOOPS on the remote host is affected by several vulnerabilities :

- A SQL Injection Vulnerability The bundled XMLRPC server fails to sanitize user- supplied input to the 'xmlrpc.php' script. An attacker can exploit this flaw to launch SQL injection attacks, which could lead to authentication bypass, disclosure of sensitive information, attacks against the underlying database, and the like.

- Multiple Cross-Site Scripting Vulnerabilities An attacker can inject arbitrary HTML and script code through the 'order' and 'cid' parameters of the 'modules/newbb/edit.php' and 'modules/repository/comment_edit.php' scripts respectively, which could result in disclosure of administrative session cookies.

Solution

Upgrade to XOOPS version 2.0.12 or later.

See Also

http://www.nessus.org/u?ae0cfcc4

Plugin Details

Severity: High

ID: 18614

File Name: xoops_2012.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 7/5/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:xoops:xoops

Required KB Items: www/xoops

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 6/29/2005

Reference Information

CVE: CVE-2005-2112, CVE-2005-2113

BID: 14094, 14096

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990