Vendor: Horoscope Module
By: BeyazKurt
CVSS: 7.5 (HIGH)
CWE: 22 (Path Traversal)
Product Name: Horoscope Module
Affected Version From: All versions
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

XOOPS Modules Horoscope

The vulnerability exists in the footer.php file of the Horoscope module in XOOPS, allowing an attacker to traverse the file system and access sensitive files by manipulating the 'xoopsConfig[root_path]' parameter. This can lead to unauthorized access, information disclosure, and potential remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the XOOPS Horoscope module or apply a fix provided by the vendor. Additionally, restrict access to the vulnerable file and implement proper input validation and sanitization to prevent path traversal attacks.
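A defender-side check for the request pattern described above, added here as an example (it is not part of the original advisory or of XOOPS): it scans web access-log lines for requests to `modules/horoscope/footer.php` that supply `xoopsConfig[root_path]`, including percent-encoded brackets. The log format, sample lines and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Script path and parameter name are taken from the advisory text.
TARGET_SUFFIX = "/modules/horoscope/footer.php"
TARGET_PARAM = "xoopsConfig[root_path]"

# Assumed log format: Apache/nginx "combined"-style request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """Percent-decode up to `rounds` times, in case a proxy or logger re-encoded it."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(request_target):
    """True if the request hits footer.php and sets xoopsConfig[root_path]."""
    path, _, query = request_target.partition("?")
    path = re.sub(r"/+", "/", fully_decode(path)).lower()
    if not path.endswith(TARGET_SUFFIX):
        return False
    names = (fully_decode(p.split("=", 1)[0]).strip() for p in re.split(r"[&;]", query))
    return any(name == TARGET_PARAM for name in names)


def scan(lines):
    """Return 1-based line numbers of log entries that match."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append(number)
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jun/2007:10:00:01 +0000] "GET /modules/horoscope/index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Jun/2007:10:00:07 +0000] "GET /modules/horoscope/footer.php?xoopsConfig[root_path]=EXAMPLE HTTP/1.1" 200 312',
    '203.0.113.9 - - [12/Jun/2007:10:00:09 +0000] "GET /modules/horoscope/footer.php?xoopsConfig%5Broot_path%5D=EXAMPLE HTTP/1.1" 200 312',
    '198.51.100.2 - - [12/Jun/2007:10:01:00 +0000] "GET /modules/horoscope/footer.php HTTP/1.1" 200 280',
    '198.51.100.7 - - [12/Jun/2007:10:02:00 +0000] "GET /modules/news/footer.php?xoopsConfig[root_path]=EXAMPLE HTTP/1.0" 404 0',
]
```

Any hit is worth reviewing, since a normal visitor has no reason to pass a configuration array to this script in the query string.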
Source

Exploit-DB raw data:

BeyazKurt - B3yazKurt@Hotmail.Com

XOOPS Modules Horoscope

http://www.xoops.org/modules/repository/visit.php?cid=32&lid=1162

modules/horoscope/footer.php?xoopsConfig[root_path]=

{NetLife Since : '2003-4'}

Retired hacker BeyazKurt - I have quit the net! My return will be perfect ;(

# milw0rm.com [2007-06-12]