Xoops: >> Xoops >> 2.0.12_jp Security Vulnerabilities
Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2009-11-17
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.
CVSS Score
5.1
EPSS Score
0.052
Published
2006-05-22