I'm getting reports from my security group that we need to upgrade the icontent module. How can I identify what version of Xoops icontent module we are running, is it a service on the window boxs or a program that is installed?
"The remote host is running Xoops a web portail written in PHP. Xoopsincontent module is also installed. the remote version of Incontent module is prone to a diretorytraversal vulnerability in the way it handles url in the fileindex.php. An attacker, exploting this flw, would be able to access senstivie files on the remote host like /etc/passwd."
Solution: Incontent is no longer mainted. Upgrade to Icontent.
Please email me at: Michael.a.mcdaniel@census.gov
Thank you for your help,
Michael McDaniel