High severity7.2NVD Advisory· Published Mar 30, 2017· Updated May 13, 2026

CVE-2017-7290

Description

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.

Affected products

XOOPS/Xoops3 versions
cpe:2.3:a:xoops:xoops:2.5.7.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:xoops:xoops:2.5.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.5.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.5.8.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/jk1986/3b304ac6b4ae52ae667bba380c2dce19nvdExploitPatchThird Party Advisory
www.securityfocus.com/bid/97230nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000