Description

Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Remediation

References

CVE-2008-0612

Related Vulnerabilities

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95)

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (4.1.6)

WordPress Plugin MW WP Form Directory Traversal (4.4.2)

WordPress Plugin Knews Multilingual Newsletters 'ff' Parameter Cross-Site Scripting (1.1.0)

WordPress Plugin Testimonial Rotator Cross-Site Scripting (3.0.3)

Severity

High

Classification

CVE-2008-0612 CWE-22

Tags

Missing Update Known Vulnerabilities