CVE-2002-0216

Description

userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.

Affected products

• Xoops / xoops1.0_rc1 – 1.0_rc1

References

• MISChttp://www.securityfocus.com/bid/3977
• MISChttp://www.iss.net/security_center/static/8028.php
• MISChttp://online.securityfocus.com/archive/1/252827