Description

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.

Remediation

References

CVE-2005-3680

Related Vulnerabilities

MySQL CVE-2020-14775 Vulnerability (CVE-2020-14775)

WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Security Bypass (7.6.0)

Perl Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-12015)

ZenCart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-11675)

Oracle Database Server CVE-2019-2571 Vulnerability (CVE-2019-2571)

Severity

Medium

Classification

CVE-2005-3680

Tags

Missing Update Known Vulnerabilities