
XOOPS Arbitrary Avatar File Upload

High

Synopsis

The remote host may be tricked into running an executable file.

Description

The remote host is running XOOPS, web-portal software written in PHP. This version of XOOPS is vulnerable to a flaw that lets remote attackers upload arbitrary executable code and then execute it via a web request. An attacker exploiting this flaw would be able to execute arbitrary code in the context of the web server.

Solution

Upgrade or patch according to vendor recommendations.
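
A defender can also audit the avatar upload directory for files that are not plain images, which is the condition the description above turns on. The following is an added example, not part of the original advisory or of XOOPS; the allowed image types, the list of executable suffixes, and the function names are assumptions, and the sample files are constructed.

```python
import tempfile
from pathlib import Path

# Assumption: avatars may only be GIF, PNG or JPEG (not taken from XOOPS).
MAGIC = {".gif": (b"GIF87a", b"GIF89a"), ".png": (b"\x89PNG\r\n\x1a\n",),
         ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}
# Assumed suffixes a web server might hand to an interpreter.
EXEC_PARTS = {"php", "phtml", "php3", "php4", "php5", "phar", "cgi", "pl"}

def check_avatar(path):
    """Return the reasons a file does not belong in an avatar directory."""
    reasons = []
    parts = path.name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in MAGIC:
        reasons.append("extension not an allowed image type")
    # "name.php.gif" may still be executed under some handler configurations.
    if EXEC_PARTS.intersection(parts[1:-1]):
        reasons.append("executable extension before final suffix")
    data = path.read_bytes()
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append("content does not match image signature")
    if b"<?php" in data.lower():
        reasons.append("embedded PHP open tag")
    return reasons

def audit_avatar_dir(root):
    """Map each suspicious file name under root to its list of reasons."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (reasons := check_avatar(path)):
            findings[path.name] = reasons
    return findings

def demo():
    """Run the audit over a constructed directory of sample uploads."""
    samples = {
        "alice.gif": b"GIF89a" + b"\x00" * 16,
        "upload.php": b"<?php /* constructed sample */ ?>",
        "pic.php.gif": b"GIF89a" + b"\x00" * 16,
        "fake.jpg": b"GIF89a<?php /* constructed sample */ ?>",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            Path(d, name).write_bytes(body)
        return audit_avatar_dir(d)
```

Call `audit_avatar_dir()` with the site's avatar upload directory after patching as well, since files uploaded before the fix remain on disk.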