Release DateDec 02, 2010 |
Severitymedium |
ImpactInformation disclosure: Remote attackers can gain sensitive information from vulnerable systems.Data manipulation: Remote attackers may tamper data on vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit an SQL-injection vulnerability inthe 'Articles' module of the Xoops CMS. The vulnerability is a result of the application's failure to properly sanitize user input. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server. |
Affected ProductsXoops |
Recommended ActionsCurrently we are not aware of any patches supplied by the vendor for this issue. |
Coverage IPS
VCM |
Reference/shttps://strikecenter.bpointsys.com/bps/strikes/exploits/webapp/sql/xoops_print_articles_injection.xml |
