Vulnerability reported for Xoops Icontent module

The world's leading content management systems (CMS) written in PHP

Brought to you by: angelorocha, beckmi, cesag, irmtfan, and 3 others

#187 Vulnerability reported for Xoops Icontent module

Milestone: Patches

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2012-09-25

Created: 2008-12-02

Creator: Michael McDaniel

Private: No

I'm getting reports from my security group that we need to upgrade the icontent module. How can I identify what version of Xoops icontent module we are running, is it a service on the window boxs or a program that is installed?

"The remote host is running Xoops a web portail written in PHP. Xoopsincontent module is also installed. the remote version of Incontent module is prone to a diretorytraversal vulnerability in the way it handles url in the fileindex.php. An attacker, exploting this flw, would be able to access senstivie files on the remote host like /etc/passwd."

Solution: Incontent is no longer mainted. Upgrade to Icontent.

Please email me at: Michael.a.mcdaniel@census.gov

Thank you for your help,

Michael McDaniel

Vulnerability reported for Xoops Icontent module

The world's leading content management systems (CMS) written in PHP

Group

Searches

Help

#187 Vulnerability reported for Xoops Icontent module

Discussion