Description

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.

Remediation

References

CVE-2005-3680

Related Vulnerabilities

IBM WebSEAL Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-4707)

PHP Resource Management Errors Vulnerability (CVE-2011-1657)

MySQL CVE-2015-0391 Vulnerability (CVE-2015-0391)

WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (5.7)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2014-0231)

Severity

Medium

Classification

CVE-2005-3680

Tags

Missing Update Known Vulnerabilities