Description

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.

Remediation

References

CVE-2005-3680

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2022-31630)

WordPress Plugin Q and A FAQ and Knowledge Base for WordPress Multiple SQL Injection Vulnerabilities (1.0.6.2)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21398)

WordPress Plugin ChimpMate-WordPress MailChimp Assistant Local File Inclusion (1.3.2)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.20)

Severity

Medium

Classification

CVE-2005-3680

Tags

Missing Update Known Vulnerabilities