XOOPS Mainfile.PHP Local File Include Vulnerability

info
discussion
exploit
solution
references

XOOPS Mainfile.PHP Local File Include Vulnerability

XOOPS is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.

An attacker may also be able to execute arbitrary code by way of uploaded avatars.

Version 2.0.13.2 is vulnerable; earlier versions may also be affected.