XOOPS 2.5.9 - SQL Injection
[+] Sql Injection on XOOPS CMS v.2.5.9
[+] Date: 12/05/2019
[+] Risk: High
[+] CWE Number : CWE-89
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: https://xoops.org/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Gnu/Linux
[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)
[+] Exploit :
http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]
[+] EOF