Xoops 'imagemanager.php' Local File Inclusion Vulnerability

Summary
This host is running with Xoops and is prone to local file inclusion vulnerability.
Impact
Successful exploitation could allow attackers to perform file inclusion attacks and read arbitrary files on the affected application. Impact Level: Application
Solution
Upgrade to version 2.5.1 or later, For updates refer to http://sourceforge.net/projects/xoops
Insight
The flaw is due to input validation error in 'target' parameter to 'imagemanager.php', which allows attackers to read arbitrary files via a ../(dot dot) sequences.
Affected
Xoops versin 2.5.0 and prior.
References