Ac3

Name of the Vulnerable Software and Affected Versions: XOOPS and E-XOOPS versions 2.0 Description: The issue allows remote attackers to execute arbitrary code. This is achieved by uploading a PHP file without a MIME image type and then directly accessing the uploaded file. Recommendations: For XOOPS and E-XOOPS version 2.0, consider restricting the upload of files to only those with specific MIME image types to minimize the risk of exploitation. Additionally, restrict direct access to uploaded files until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.