Description

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.

Remediation

References

CVE-2005-3680

Related Vulnerabilities

Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-6357)

WordPress Plugin WP DSGVO Tools (GDPR) Unspecified Vulnerability (3.1.26)

WordPress Cookies Security Bypass Weakness (1.5 - 2.3.1)

RubyGems Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-8323)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.9)

Severity

Medium

Classification

CVE-2005-3680

Tags

Missing Update Known Vulnerabilities