| VID | 21479 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The XOOPS Incontent module contains a directory traversal vulnerability in its index.php script. XOOPS Incontent is a module for XOOPS, a dynamic, object-oriented, open source portal system written in PHP. XOOPS Incontent module version 3.0 and possibly other versions are affected; the flaw is caused by an input validation error in the "index.php" script in the /modules/incontent/ directory. By sending a specially crafted request containing "dot dot" sequences (in the form of ../../), a remote attacker could traverse to directories outside the web root and view the contents of files readable by the web server. Platforms Affected: XOOPS Incontent version 3.0 and possibly other versions; Microsoft Windows, any version; Linux, any version; Unix, any version. |
| Recommendation | No upgrade or patch available as of June 2014. Upgrade to the fixed version of the XOOPS Incontent module when one becomes available from the download Web site for the module at http://www.xoops.org/modules/news/article.php?storyid=415 |
| Related URL | (CVE) |
| Related URL | 12406 (SecurityFocus) |
| Related URL | (ISS) |
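
Because no fixed version is listed, reviewing web server access logs for "dot dot" sequences sent to the Incontent index.php script is one practical check. The following is an added example, not part of the original advisory or of XOOPS: it assumes common/combined-format access logs, and the parameter name PARAM, the file name placeholder.txt and the client addresses are constructed placeholders, since the advisory does not name the affected parameter.

```python
import re
from urllib.parse import unquote

# Script path named in the advisory; XOOPS may live under a sub-directory.
SCRIPT = "/modules/incontent/index.php"
# Client address and request target from a common/combined log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')
# A ".." segment that starts a value or follows a path separator.
DOTDOT_RE = re.compile(r'(?:^|[/=&?])\.\.(?:/|&|$)')

# Constructed sample log lines (documentation addresses, placeholder names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2014:10:00:00 +0000] "GET /modules/incontent/index.php?PARAM=about.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jun/2014:10:00:05 +0000] "GET /modules/incontent/index.php?PARAM=../../placeholder.txt HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jun/2014:10:00:09 +0000] "GET /xoops/modules/incontent/index.php?PARAM=%252e%252e%252fplaceholder.txt HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Jun/2014:10:00:12 +0000] "GET /modules/incontent/index.php?PARAM=..%5c..%5cplaceholder.txt HTTP/1.1" 404 0',
    '192.0.2.14 - - [01/Jun/2014:10:00:20 +0000] "GET /modules/news/article.php?storyid=415 HTTP/1.1" 200 300',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat Windows separators like "/"

def find_traversal_requests(log_lines):
    """Return (client, decoded_query) for Incontent requests carrying '..' segments."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parsable request line
        client, target = match.groups()
        raw_path, _, raw_query = target.partition("?")
        if not fully_decode(raw_path).lower().endswith(SCRIPT):
            continue  # request is for a different script
        query = fully_decode(raw_query)
        if DOTDOT_RE.search(query):
            hits.append((client, query))
    return hits

if __name__ == "__main__":
    for client, query in find_traversal_requests(SAMPLE_LOG):
        print(f"{client}\t{query}")
```

A hit with a 200 status and a response size that differs from the module's normal pages is worth prioritising, since it suggests the request returned file contents rather than an error.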