XOOPS Core 2.5.8.1 Install DB SQL Injection

CVE
============================================
CVE-2017-11174


Credit
============================================
Nguyen Thanh Nguyen


Dates
============================================
July 11, 2017


Vendor
============================================


Product
============================================
XOOPS Core


Versions Affected
============================================
2.5.8.1 and maybe below


Risk / Severity Rating
============================================
Context-Dependent


Vulnerability Description and Impact
============================================
Unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database setting page, related to use of GBK in CHARACTER SET and COLLATE clauses.
Impact: context-dependent, force create database with bad charset and collate and may lead to SQL injection somewhere. Update charset, collate of other database in server.


Solution
============================================
Filtered data before passing to queries.

XOOPS Core 2.5.8.1 Install DB Cross-Site Scripting

============================================
CVE: CVE-2017-7944
============================================
Credit: Nguyen Thanh Nguyen
============================================
Dates: April 18, 2017
============================================
============================================
Product: XOOPS Core
============================================
Versions Affected: 2.5.8.1
============================================
Risk / Severity Rating: Low
============================================
Vulnerability Description and Impact:
Description: XSS occurs in page_dbsettings.php via error message when install db failed due to unescape html output.
Impact: context-dependent, such like force victim to change database name, charset, collation, or make a open redirect to some malicious site.
============================================
Solution: Don’t output what user input, or sanitize it first.
============================================