Vendor: XOOPS
By: Unknown
CVSS: 7.5 (HIGH)
Local File Inclusion
CWE: 98
Product Name: XOOPS
Affected Version From: XOOPS 2.5.0
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

XOOPS Local File Include Vulnerability

XOOPS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view arbitrary local files within the context of the webserver process. Successfully exploiting this issue may lead to other attacks.

Mitigation:

It is recommended to sanitize user-supplied input and validate file paths before including them in the application.
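
One way to implement the path validation recommended above, as an added example that is not XOOPS code or a vendor patch. The helper name `resolve_includable`, the base-directory-plus-suffix layout and the demo files are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not XOOPS code): map a request value to a file inside
// $baseDir, or return null. Assumes the value names a file as base/name.suffix.
function resolve_includable(string $baseDir, string $name, string $suffix = '.php'): ?string
{
    // 1. Allowlist a plain identifier. NUL bytes, slashes, backslashes and dot
    //    segments are rejected before any path string is built.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    // 2. Canonicalise. realpath() resolves symlinks and returns false if missing.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . $suffix);
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: the resolved file must still sit below the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding one legitimate file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'upload.php', "<?php // constructed sample\n");

$cases = [
    ['upload', true],                                  // legitimate name
    ["/../../../../../../../../boot.ini\0", false],    // decoded value from the request on this page
    ['../upload', false],                              // traversal without NUL
    ['missing', false],                                // well-formed but no such file
];
foreach ($cases as [$input, $expectOk]) {
    $ok = resolve_includable($base, $input) !== null;
    printf("%-9s %s\n", $ok ? 'accepted' : 'rejected', json_encode($input));
    if ($ok !== $expectOk) {
        throw new RuntimeException('unexpected result for ' . json_encode($input));
    }
}

unlink($base . DIRECTORY_SEPARATOR . 'upload.php');
rmdir($base);
```

PHP 5.3.4 and later refuse NUL bytes in filesystem paths, which removes the `%00` suffix truncation but not directory traversal itself, so the allowlist and containment checks remain necessary.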

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47418/info

XOOPS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view arbitrary local files within the context of the webserver process. Successfully exploiting this issue may lead to other attacks.

XOOPS 2.5.0 is vulnerable; other versions may also be affected. 

http://www.example.com/[path]/imagemanager.php?target=/../../../../../../../../boot.ini%00&op=upload