Secunia report 17573

Date 2005-11-16 05:03:00 | Category: Site News
in englishin japanese

TITLE:
Xoops "xoopsConfig[language]" Local File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA17573

VERIFY ADVISORY:
http://secunia.com/advisories/17573/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
Xoops 2.x
http://secunia.com/product/327/

DESCRIPTION:
rgod has discovered a vulnerability in Xoops, which can be exploited
by malicious people to disclose sensitive information.



This POC is just under the environment with register_globals on.
All you have to do is turn register_globals off.

And there are a mistake in "SOFTWARE" section.

Quote:

SOFTWARE:
Xoops 2.2.x


There are no such vulnerablities with 2.0.13.2 and 2.0.13a-JP


You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=72