Описание
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.
Ссылки
- ExploitPatch
- Patch
- Patch
- Vendor Advisory
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
- ExploitPatch
- Patch
- Patch
- Vendor Advisory
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05657
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.
EPSS
Процентиль: 90%
0.05657
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22