PT-2007-3321 · Xoops+1 · Virii Info+1

Published: 2007-04-12 · Updated: 2024-08-07 · CVE-2007-1976

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Xoops module Virii Info versions 1.10 and earlier

Description

A remote file inclusion issue in the index.php file of the Virii Info module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. However, it has been noted that the application's checkSuperglobals function may defend against this attack.

Recommendations

For Xoops module Virii Info versions 1.10 and earlier, consider disabling the index.php file or restricting access to it until a patch or further clarification on the issue is available. As a temporary workaround, review and potentially modify the checkSuperglobals function to ensure it effectively prevents remote file inclusion attacks.

Related Identifiers

CVE-2007-1976

Affected Products

Virii Info
Xoops