Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6884

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-6884
Last Modified 03 Aug 2009 12:00:00
Published 31 Jul 2009 04:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6884

Summary

Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.

Vulnerable Systems

Application

  • Xoops 2.3.1


References

XF - xoops-blocks-main-file-include(47153)

CONFIRM - http://www.xoops.org/modules/news/article.php?storyid=4563

CONFIRM - http://www.xoops.org/modules/news/article.php?storyid=4540

BID - 32685

OSVDB - 50573

OSVDB - 50572

BUGTRAQ - 20081208 [DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x

MILW0RM - 7380

SECUNIA - 33048


Last Updated: 27 May 2016 10:49:22