Home > News > Security news > PopnupBlog XOOPS Module RFI Vulnerability

PopnupBlog XOOPS Module RFI Vulnerability

4
Vote!
yoshis
yoshis submitted 2007/8/31 12:25, published 2007/8/31 12:10 | 22520 views
Tags:

PopnupBlog (XOOPS Module) Remote File Inclusion Vulnerability.
Reported at http://13337.org/forum/viewtopic.php?p=799

That was combine "contamination" and "Remote File Inclusion" attack. If you use PHP as "register global on" and "allow url fopen on", fix it or update to V3.13 ASAP.

How to fix:
popnupblog/class/sendmail.php (line 26)
----INSERT BELOW
$incpath = XOOPS_ROOT_PATH."/modules/popnupblog/";
----INSERT END

Download:
Download V3.13 from bluemooninc.biz

Reply

Comments (0)

Newest first | Oldest first | Nested view | RSS feed

Trackbacks (0)

Newest first | Oldest first | RSS feed

Trackback URL

Votes (4)

Newest first | Oldest first | RSS feed
 

    Welcome | News | Overview | Documentation | Forum | Tutorialstop
    Brasilian | French | German | Greek | Japanese | Korean | Russian | T-Chinese
    Powered by XOOPS Cube © 2001-2011 The XOOPS Cube Project