XOOPS Arbitrary File Deletion And HTTP Header Injection Vulnerabilities Network Vulnerability

Summary

XOOPS is prone to an HTTP-header-injection vulnerability and an arbitrary-file- deletion vulnerability. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks, including cross-site request forgery, cross-site scripting, and HTTP-request smuggling. Successful file-deletion exploits may corrupt data and cause denial-of- service conditions. XOOPS 2.4.3 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/archive/1/509034
http://www.securityfocus.com/bid/37860
http://www.xoops.org

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Archiva Multiple Vulnerabilities
An Image Gallery Multiple Cross-Site Scripting Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability

XOOPS Arbitrary File Deletion and HTTP Header Injection Vulnerabilities

Take action and discover your vulnerabilities