Secunia report 17573
Date 2005-11-16 05:03:00 | Category: Site News
|
TITLE: Xoops "xoopsConfig[language]" Local File Inclusion Vulnerability
SECUNIA ADVISORY ID: SA17573
VERIFY ADVISORY: http://secunia.com/advisories/17573/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information
WHERE: >From remote
SOFTWARE: Xoops 2.x http://secunia.com/product/327/
DESCRIPTION: rgod has discovered a vulnerability in Xoops, which can be exploited by malicious people to disclose sensitive information.
This POC is just under the environment with register_globals on. All you have to do is turn register_globals off.
And there are a mistake in "SOFTWARE" section.
Quote:
There are no such vulnerablities with 2.0.13.2 and 2.0.13a-JP
|
|