GCVE - cpe:2.3:a:xoops:xoops:2.0.13.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:xoops:xoops:2.0.13.1:*:*:*:*:*:*:*

part: a version: 2.0.13.1 update: *

Vendor	Xoops (`0cd3f1ab-f94d-5608-8423-6f6f7310816b`)
Product	Xoops (`7a1dd380-5a1b-5ae4-8a61-64cd7be487c2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/xoops/xoopscore`	purl2cpe	2026-06-01 10:13:19.137940
`pkg:github/xoops/xoopscore25`	purl2cpe	2026-06-01 10:13:19.137941
`pkg:sourceforge/xoops`	purl2cpe	2026-06-01 10:13:19.137943

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-4851`	vulnerable	2026-06-03 14:29:59.410577	Details available The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. Published: 2010-05-07T18:23:00.000Z Updated: 2024-09-16T17:23:15.676Z Open on db.gcve.eu Reference links http://secunia.com/advisories/37274 http://www.xoops.org/modules/news/article.php?storyid=5096 http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132 http://www.vupen.com/english/advisories/2009/3256	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-3963`	vulnerable	2026-06-03 14:29:54.716638	Details available Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors. Published: 2009-11-17T18:00:00.000Z Updated: 2024-08-07T06:45:50.787Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/54181 http://www.securityfocus.com/bid/36955 http://www.vupen.com/english/advisories/2009/3174 http://www.xoops.org/modules/news/article.php?storyid=5064	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2516`	vulnerable	2026-06-03 14:27:32.517459	Details available mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. Published: 2006-05-22T22:00:00.000Z Updated: 2024-08-07T17:51:04.851Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/434698/100/0/threaded http://www.osvdb.org/25683 http://secunia.com/advisories/20176 http://www.securityfocus.com/bid/18061 https://www.exploit-db.com/exploits/1811	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.