XOOPS Arbitrary File Deletion And HTTP Header Injection Vulnerabilities Network Vulnerability

Summary

XOOPS is prone to an HTTP-header-injection vulnerability and an arbitrary-file- deletion vulnerability. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks, including cross-site request forgery, cross-site scripting, and HTTP-request smuggling. Successful file-deletion exploits may corrupt data and cause denial-of- service conditions. XOOPS 2.4.3 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/archive/1/509034
http://www.securityfocus.com/bid/37860
http://www.xoops.org

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
Apache CouchDB Cross Site Request Forgery Vulnerability
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability

XOOPS Arbitrary File Deletion and HTTP Header Injection Vulnerabilities

Take action and discover your vulnerabilities