vendor:
tsdisplay4xoops
by:
GolD_M = [Mahmood_ali]
N/A
CVSS
HIGH
Remote File Include
CWE
Product Name: tsdisplay4xoops
Affected Version From: 0.1
Affected Version To: 0.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
tsdisplay4xoops 0.1(xoops_url) Remote File Include Vulnerabilitiy
The tsdisplay4xoops version 0.1 has a remote file inclusion vulnerability in the tsdisplay4xoops_block2.php file. An attacker can exploit this vulnerability by injecting malicious code through the xoops_url parameter, which can lead to remote code execution.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a newer version of tsdisplay4xoops that has fixed the remote file inclusion vulnerability. Additionally, input validation and sanitization should be implemented to prevent malicious code injection.