Description
SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Palyo34 · textwebappsphp
https://www.exploit-db.com/exploits/10807
References (3)
Core 3
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37535
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/10807
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55222
Scores
EPSS
0.0015
EPSS Percentile
34.7%
Details
CWE
CWE-89
Status
published
Products (1)
xoops/xoops_dictionary
2.0.18
Published
Jan 06, 2010
Tracked Since
Feb 18, 2026