vendor:
XOOPS
by:
Alexandr Polyakov, Stas Svistunovich
7.5
CVSS
HIGH
Local File Include,URL Redirecting phishing
94, 601
CWE
Product Name: XOOPS
Affected Version From: XOOPS 2.0.18
Affected Version To: XOOPS 2.0.18
Patch Exists: YES
Related CWE: N/A
CPE: a:xoops:xoops
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
DSECRG-08-009
Attacker can inject PHP code and execute OS commands with webserver user privileges. Vulnerability found in script htdocs/user.php?xoops_redirect in post parameter name 'xoops_redirct'
Mitigation:
Ensure that user input is properly sanitized and validated before being used in a file path.