XOOPS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2006-2516 - Vulnerability Database

Medium
Reference: CVE-2006-2516
Title: XOOPS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.