GCVE - cpe:2.3:a:xoops:xoops:2.5.8.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:xoops:xoops:2.5.8.1:*:*:*:*:*:*:*

part: a version: 2.5.8.1 update: *

Vendor	Xoops (`0cd3f1ab-f94d-5608-8423-6f6f7310816b`)
Product	Xoops (`7a1dd380-5a1b-5ae4-8a61-64cd7be487c2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/xoops/xoopscore`	purl2cpe	2026-06-01 10:13:19.219408
`pkg:github/xoops/xoopscore25`	purl2cpe	2026-06-01 10:13:19.219410
`pkg:sourceforge/xoops`	purl2cpe	2026-06-01 10:13:19.219411

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-7944`	vulnerable	2026-06-03 14:37:38.526357	Details available XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. Published: 2017-04-24T10:00:00.000Z Updated: 2024-08-05T16:19:29.639Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/97978 https://tsublogs.wordpress.com/2017/04/24/xoops-core-2-5-8-1-install-db-cross-site-scripting/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-7290`	vulnerable	2026-06-03 14:37:31.747251	Details available SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program. Published: 2017-03-30T07:00:00.000Z Updated: 2024-08-05T15:56:36.385Z Open on db.gcve.eu Reference links https://gist.github.com/jk1986/3b304ac6b4ae52ae667bba380c2dce19 http://www.securityfocus.com/bid/97230	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-11174`	vulnerable	2026-06-03 14:36:27.812934	Details available In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses. Published: 2017-07-12T21:00:00.000Z Updated: 2024-08-05T17:57:57.703Z Open on db.gcve.eu Reference links https://tsublogs.wordpress.com/2017/07/12/xoops-core-2-5-8-1-install-db-sql-injection/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.