CVE-2006-4417

Publication date

2006-08-28 21:00:00

Family

mitre

State

PUBLISHED

Description

SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.