CVE-2005-2113 Information

Description

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file as demonstrated using the blogger.getPost method.

Reference

http://marc.info/?l=bugtraq&m=112006318512991&w=2 http://secunia.com/advisories/15843 http://www.gulftech.org/?node=research&article_id=00086-06292005 http://www.xoops.org/modules/news/article.php?storyid=2383