PT-2007-4501 · Xoops · Xfsection+1

Sp[L]O1T

Published

2007-06-14

Updated

2017-10-11

CVE-2007-3222

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: XOOPS module XFsection version 1.07

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir module parameter in the modify.php file of the XFsection module.

Recommendations: For XOOPS module XFsection version 1.07, consider restricting access to the modify.php file until a patch is available, and avoid using the dir module parameter in the affected module to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3222

Affected Products

Xfsection

Xoops

PT-2007-4501 · Xoops · Xfsection+1

CVE-2007-3222

Related Identifiers

Affected Products

References · 4