PEAK XOOPS - News 
TITLE:
Xoops "xoopsConfig[language]" Local File Inclusion Vulnerability
SECUNIA ADVISORY ID:
SA17573
VERIFY ADVISORY:
http://secunia.com/advisories/17573/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
Xoops 2.x
http://secunia.com/product/327/
DESCRIPTION:
rgod has discovered a vulnerability in Xoops, which can be exploited
by malicious people to disclose sensitive information.
This POC is just under the environment with register_globals on.
All you have to do is turn register_globals off.
And there are a mistake in "SOFTWARE" section.
Quote:
SOFTWARE:
Xoops 2.2.x
There are no such vulnerablities with 2.0.13.2 and 2.0.13a-JP
Fatal error: Only variables can be passed by reference
has occorred in PHP 5.0.5.
Though It looks is almost a bug of PHP 5.0.5, I have to modify my codes for the environments.
I've already fixed myblocksadmin and mymenu.
The other modules will be mofidied later.
I'll release my second book named "PHP Cyber-Terrorizing".
In this book, I wrote the practical tecnique to protect from almost attacks via web application writting in PHP like XOOPS.
"PHP Cyber-Terrorizing" by GIJOE
Socym http://www.socym.co.jp/
release date 2005/11/25
I'm sorry that I'm absent from XOOPS world.
That's caused by my hard works 
Since almost works has ended, I'll start to maintain my modules and my site soon.
myblocksadmin is code flagments for developpers to achive blocks/groups admin by each modules.
I've just modified myblocksadmin for XOOPS 2.2.
If you use myblocksadmin, update it please.
It makes your module "XOOPS 2.2 compatible".
And I've just updated xhld, and I've confirmed xhld 3.00 works fine with XOOPS 2.2.
(Hey, Mithrandir! I've kept the promise with you. 
)
I know the implementations for 2.2 is not perfect yet.
TODO:
- escape the routine for restoring block's option in X2.2
- "edit block" in myblocksadmin
- "delete block" in myblocksadmin
- custom block for "blocksadmin module"