TITLE:
Xoops "xoopsConfig[language]" Local File Inclusion Vulnerability
SECUNIA ADVISORY ID:
SA17573
VERIFY ADVISORY:
http://secunia.com/advisories/17573/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
Xoops 2.x
http://secunia.com/product/327/
DESCRIPTION:
rgod has discovered a vulnerability in Xoops, which can be exploited
by malicious people to disclose sensitive information.
This PoC only works in an environment with register_globals on.
All you have to do is turn register_globals off.
And there is a mistake in the "SOFTWARE" section.
Quote:
SOFTWARE:
Xoops 2.2.x
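
A log check that follows from the register_globals point above, as an added example that is not part of the advisory or the reply: with register_globals on, a request parameter named xoopsConfig[...] can populate the PHP global of the same name, so any client-supplied parameter with that name is worth flagging. The log lines, paths, addresses and the CONSTRUCTED_VALUE placeholder are constructed for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format). Paths, addresses and the
# CONSTRUCTED_VALUE placeholder are illustrative, not taken from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [15/Nov/2005:10:01:02 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120
198.51.100.9 - - [15/Nov/2005:10:01:05 +0000] "GET /index.php?xoopsConfig[language]=CONSTRUCTED_VALUE HTTP/1.1" 200 812
198.51.100.9 - - [15/Nov/2005:10:01:09 +0000] "GET /index.php?xoopsConfig%5Blanguage%5D=CONSTRUCTED_VALUE HTTP/1.1" 200 812
198.51.100.9 - - [15/Nov/2005:10:01:12 +0000] "GET /index.php?xoopsConfig%255Blanguage%255D=CONSTRUCTED_VALUE HTTP/1.1" 200 812
203.0.113.4 - - [15/Nov/2005:10:02:00 +0000] "GET /search.php?q=xoopsConfig HTTP/1.1" 200 2048
"""

# client address, request target and status code from one log line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')


def fully_unquote(text, rounds=3):
    """Percent-decode repeatedly so %5B and %255B both become '['."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_global_overrides(log_text, global_name="xoopsConfig"):
    """Return (client, parameter, status) for each request whose query string
    names the given PHP global, either directly or as an array element."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        query = target.partition("?")[2]
        for pair in query.split("&"):
            # Only the parameter name matters here; the value is ignored.
            name = fully_unquote(pair.split("=", 1)[0])
            if name == global_name or name.startswith(global_name + "["):
                hits.append((client, name, int(status)))
    return hits


if __name__ == "__main__":
    for client, name, status in find_global_overrides(SAMPLE_LOG):
        print(f"{client} supplied {name} (HTTP {status})")
```

Access logs normally record only the query string, so parameters sent in POST bodies or cookies are outside what this check can see.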