Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:CGI abuses
Title:Xoops path disclosure

The remote host is running the Xoops CGI suite.

There is a flaw in this version which allows an attacker
to obtain the physical path of the remote web root by supplying
a bogus option to one of the Xoops CGI.

In addition to this, other flaws are known to exist in Xoops
(SQL injection, information disclosure about the users and so on).

You are advised to remove this CGI.

Solution : None at this time
Risk factor : Medium

Cross-Ref: BugTraq ID: 3977
BugTraq ID: 3978
BugTraq ID: 3981
BugTraq ID: 5785
BugTraq ID: 6344
BugTraq ID: 6393
Common Vulnerability Exposure (CVE) ID: CVE-2002-0216
Bugtraq: 20020129 Xoops SQL fragment disclosure and SQL injection vulnerability (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2002-0217
Bugtraq: 20020129 Xoops Private Message System Script injection (Google Search)
CopyrightThis script is Copyright (C) 2003 Renaud Deraison

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.