Description

mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.

Remediation

References

CVE-2006-2516

Related Vulnerabilities

Ruby Out-of-bounds Write Vulnerability (CVE-2017-11465)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1409)

WordPress Plugin FlightLog SQL Injection (3.0.2)

WordPress Plugin Mang Board WP Unspecified Vulnerability (2.0.3)

WordPress Plugin Stripe Payments Cross-Site Scripting (2.0.39)

Severity

Medium

Classification

CVE-2006-2516 CWE-22

Tags

Missing Update Known Vulnerabilities