WEB APPLICATION VULNERABILITIES Standard & Premium

XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296)

Description

Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP RSS Aggregator-News Feeds, Autoblogging, Youtube Video Feeds and More Cross-Site Scripting (4.19.3)

WebLogic CVE-2016-5535 Vulnerability (CVE-2016-5535)

WordPress Plugin Jayj Quicktag Multiple Vulnerabilities (1.3.1)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-28336)

GlassFish CVE-2016-3608 Vulnerability (CVE-2016-3608)

Severity

High

Classification

CVE-2008-3296 CWE-22

Tags

Missing Update Known Vulnerabilities