Home > News > Security news > PopnupBlog XOOPS Module RFI Vulnerability

PopnupBlog XOOPS Module RFI Vulnerability

4
yoshis
yoshis submitted 2007/8/31 12:25, published 2007/8/31 12:10 | 21761 views
Tags:

PopnupBlog (XOOPS Module) Remote File Inclusion Vulnerability.
Reported at http://13337.org/forum/viewtopic.php?p=799

That was combine "contamination" and "Remote File Inclusion" attack. If you use PHP as "register global on" and "allow url fopen on", fix it or update to V3.13 ASAP.

How to fix:
popnupblog/class/sendmail.php (line 26)
----INSERT BELOW
$incpath = XOOPS_ROOT_PATH."/modules/popnupblog/";
----INSERT END

Download:
Download V3.13 from bluemooninc.biz

Comments (0)

Newest first | Oldest first | Nested view | RSS feed

Trackbacks (0)

Newest first | Oldest first | RSS feed

Votes (4)

Newest first | Oldest first | RSS feed
 
    Activity | Contributions



    Who's Online
    22 user(s) are online (1 user(s) are browsing Plugg(Plugg))

    Members: 0
    Guests: 22

    more...

    Welcome | News | Overview | Documentation | Forum | Tutorialstop
    Brasilian | French | German | Greek | Japanese | Korean | Russian | T-Chinese
    Powered by XOOPS Cube 2001-2011 The XOOPS Cube Project