The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS prior to 2.0.18 does not check permissions, which allows remote malicious users to read the comments in restricted modules.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xoops xoops |