cvedb.io
CVE-2017-11174
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-07-12T21:29:00.193 · Last modified 2026-06-17T01:01:21.110

Summary

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.

Affected products

xoops — xoops

Does this affect you?

Add your gear to cvedb and we'll alert you only when xoops ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.