Unrated severityNVD Advisory· Published Jul 5, 2005· Updated Apr 16, 2026

CVE-2005-2113

Description

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.

Affected products

XOOPS/Xoops15 versions
cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.9.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.xoops.org/modules/news/article.phpnvdPatch
www.gulftech.orgnvdVendor Advisory
marc.infonvd
secunia.com/advisories/15843nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000