Title: Xoops path disclosure
The remote host is running the Xoops CGI suite.
There is a flaw in this version which allows an attacker
to obtain the physical path of the remote web root by supplying
a bogus option to one of the Xoops CGI scripts.
In addition to this, other flaws are known to exist in Xoops
(SQL injection, information disclosure about the users and so on).
You are advised to remove this CGI.
Solution : None at this time
Risk factor : Medium
BugTraq ID: 3977
BugTraq ID: 3978
BugTraq ID: 3981
BugTraq ID: 5785
BugTraq ID: 6344
BugTraq ID: 6393
Common Vulnerability Exposure (CVE) ID: CVE-2002-0216
Bugtraq: 20020129 Xoops SQL fragment disclosure and SQL injection vulnerability
Common Vulnerability Exposure (CVE) ID: CVE-2002-0217
Bugtraq: 20020129 Xoops Private Message System Script injection
Copyright: This script is Copyright (C) 2003 Renaud Deraison