1
Zap_English
NEWS module - SQL injection

While trying to set up the preferences I got

SQL Injection found
None All Errors (0) Deprecated (0) Queries (9) Blocks (0) Extra (2) Timers(3)

News 1.71 Final (10/18/2016) from Github


XOOPS Version XOOPS 2.5.8.1
PHP Version 5.6.30
mySQL Version 5.5.5-10.1.21-MariaDB

2
Mamba
Re: NEWS module - SQL injection
  • 2017/2/13 10:51

  • Mamba

  • Moderator

  • Posts: 11366

  • Since: 2004/4/23


You need to provide more info, e.g.:
- what were you doing, i.e. which preferences were you changing
- did you try to save it without changing any preferences

Basically - how could we reproduce the issue?
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

3
Zap_English
Re: NEWS module - SQL injection

the only thing I did was try to create a topic i the topics manager.

Just the title, no description, no image

Approve permissions Webmasters
Submit permissions Webmasters
View permissions Webmasters Registered Users Anonymous Users

4
Zap_English
Re: NEWS module - SQL injection

Really I just need a simple content manager that also has comments and ratings.

News is probably more than I need.

XMContent is nice but it doesn't have ratings or comments

Login

Who's Online

158 user(s) are online (111 user(s) are browsing Support Forums)


Members: 0


Guests: 158


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits