← Back to CVE List

CVE-2017-11174

Published: 2017-07-12T21:29Z
Last Modified: 2024-11-21T03:07Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt