2 matches found
CVE-2006-2516
mainfile.php in XOOPS 2.0.13.2 and earlier, when registerglobals is enabled, allows remote attackers to overwrite variables such as $xoopsOption'nocommon' and conduct directory traversal attacks or include PHP files via 1 xoopsConfiglanguage to misc.php or 2 xoopsConfigthemeset to index.php, as...
CVE-2006-2516
This CVE (CVE-2006-2516) affects XOOPS 2.0.13.2 and earlier when PHP register_globals is enabled. An attacker can overwrite variables (e.g., $xoopsOption['nocommon']) and perform directory traversal or include PHP files by injecting PHP sequences via xoopsConfig[language] to misc.php or via xoops...