In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
References
| Link | Resource |
|---|---|
| https://tsublogs.wordpress.com/2017/07/12/xoops-core-2-5-8-1-install-db-sql-injection/ | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-07-12T21:00:00
Updated: 2017-07-12T20:57:01
Reserved: 2017-07-11T00:00:00
Link: CVE-2017-11174
NVD Information
Status: Analyzed
Published: 2017-07-12T21:29:00.193
Modified: 2017-07-27T18:05:01.137
Link: CVE-2017-11174