XOOPS contains a flaw that may lead to unauthorized information disclosure. The 'b_system_comments_show()' function in 'htdocs/modules/system/blocks/system_blocks.php' is missing permission checks, so it discloses comments of restricted modules, resulting in a loss of confidentiality.
Upgrade to version 2.0.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
XOOPS b_system_comments_show() Information Disclosure
Vendor Specific News/Changelog Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=1808484&group_id=41586&atid=430840
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=41586&release_id=564689
Secunia Advisory ID: 28264
CVE-2007-6675
Bugtraq ID: 27135