Menu

#187 Vulnerability reported for Xoops Icontent module

Patches
open
nobody
None
5
2012-09-25
2008-12-02
No

I'm getting reports from my security group that we need to upgrade the icontent module. How can I identify what version of Xoops icontent module we are running, is it a service on the window boxs or a program that is installed?

"The remote host is running Xoops a web portail written in PHP. Xoopsincontent module is also installed. the remote version of Incontent module is prone to a diretorytraversal vulnerability in the way it handles url in the fileindex.php. An attacker, exploting this flw, would be able to access senstivie files on the remote host like /etc/passwd."

Solution: Incontent is no longer mainted. Upgrade to Icontent.

Please email me at: Michael.a.mcdaniel@census.gov

Thank you for your help,

Michael McDaniel

Discussion


Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.