CVE-2005-2113

Xoops - SQL Injection

Description

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.

Exploits (2)

exploitdb WORKING POC VERIFIED
by RusH · perl · webapps · php
https://www.exploit-db.com/exploits/1082
exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/43827

Scores

EPSS 0.0097
EPSS Percentile 76.7%

Details

Status published
Products (15)
xoops/xoops 2.0
xoops/xoops 2.0.1
xoops/xoops 2.0.2
xoops/xoops 2.0.3
xoops/xoops 2.0.4
xoops/xoops 2.0.5
xoops/xoops 2.0.5.1
xoops/xoops 2.0.5.2
xoops/xoops 2.0.6
xoops/xoops 2.0.7
... and 5 more
Published Jul 05, 2005
Tracked Since Feb 18, 2026