mainfile.php in XOOPS 2.0.13.2 and previous versions, when register_globals is enabled, allows remote malicious users to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.
| Vulnerable Product |
|---|
| xoops xoops 2.0 |
| xoops xoops 2.0.4 |
| xoops xoops 2.0.5 |
| xoops xoops 2.0.9.3 |
| xoops xoops |
| xoops xoops 2.0.11 |
| xoops xoops 2.0.12_jp |
| xoops xoops 2.0.6 |
| xoops xoops 2.0.7 |
| xoops xoops 2.0.13.1 |
| xoops xoops 2.0.2 |
| xoops xoops 2.0.3 |
| xoops xoops 2.0.9 |
| xoops xoops 2.0.9.2 |
| xoops xoops 2.0.1 |
| xoops xoops 2.0.10 |
| xoops xoops 2.0.5.1 |
| xoops xoops 2.0.5.2 |