PEAK XOOPS - Secunia report 17573 in englishin japanese

Archive | RSS |
Site News
Site News : Secunia report 17573
Poster : GIJOE on 2005-11-16 05:03:00 (9812 reads)

in englishin japanese

TITLE:
Xoops "xoopsConfig[language]" Local File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA17573

VERIFY ADVISORY:
http://secunia.com/advisories/17573/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
Xoops 2.x
http://secunia.com/product/327/

DESCRIPTION:
rgod has discovered a vulnerability in Xoops, which can be exploited
by malicious people to disclose sensitive information.



This POC is just under the environment with register_globals on.
All you have to do is turn register_globals off.

And there are a mistake in "SOFTWARE" section.

Quote:


SOFTWARE:
Xoops 2.2.x


There are no such vulnerablities with 2.0.13.2 and 2.0.13a-JP


0 comments
Printer friendly page Send this story to a friend

Comments list

View more comments...
Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!