XOOPS Arbitrary Avatar File Upload
High Nessus Network Monitor Plugin ID 2683
Synopsis: The remote host may be tricked into running an executable file.
Description: The remote host is running XOOPS, web-portal software written in PHP. This version of XOOPS is vulnerable to a flaw that allows remote attackers to upload arbitrary executable code and then execute it via a web request. An attacker exploiting this flaw would be able to execute arbitrary code within the context of the web server.
Solution: Upgrade or patch according to vendor recommendations.