PT-2007-6281 · Xoops · Xoops

Phppp · Published 2007-10-03 · Updated 2011-03-08 · CVE-2007-5188

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Xoops versions 2.0.17.1-RC1 and earlier

Description

An unspecified vulnerability in the XOOPS uploader class allows remote attackers to upload arbitrary files. This is possibly due to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, which may include an incomplete blacklist that omits the .php4 extension.

Recommendations

For Xoops versions 2.0.17.1-RC1 and earlier, consider restricting access to the uploader class until a fix is available. As a temporary workaround, review and update the upload configuration settings in class/uploader.php and class/mimetypes.inc.php to ensure that all potentially executable file extensions, including .php4, are properly blacklisted.
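
The gap described above, as an added example (not XOOPS code and not taken from this advisory): a denylist that omits .php4 beside an allowlist check that rejects every extension not explicitly permitted, which goes beyond the advisory's blacklist workaround. The function names, both lists and the sample file names are constructed for illustration.

```php
<?php
// Added example: every name and list below is constructed, not XOOPS code.

// Constructed denylist with the kind of gap the advisory describes:
// "php4" is missing, so it is treated like any harmless extension.
const DENYLIST = ['php', 'php3', 'phtml'];

// Constructed allowlist: only what this hypothetical site needs to accept.
const ALLOWLIST = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

/** Return the final extension of a file name, lower-cased ('' if none). */
function finalExtension(string $name): string
{
    return strtolower(pathinfo(basename($name), PATHINFO_EXTENSION));
}

/** Denylist check: accept everything that is not explicitly listed. */
function denylistAccepts(string $name): bool
{
    return !in_array(finalExtension($name), DENYLIST, true);
}

/** Allowlist check: accept only what is explicitly listed. */
function allowlistAccepts(string $name): bool
{
    return in_array(finalExtension($name), ALLOWLIST, true);
}

// Constructed sample file names, including mixed case and no extension.
$samples = ['photo.JPG', 'report.pdf', 'page.php', 'page.php4', 'page.PHP4', 'noext'];

foreach ($samples as $name) {
    printf(
        "%-12s denylist=%-6s allowlist=%s\n",
        $name,
        denylistAccepts($name) ? 'accept' : 'reject',
        allowlistAccepts($name) ? 'accept' : 'reject'
    );
}
// The denylist accepts page.php4, page.PHP4 and noext; the allowlist
// rejects all three because none of them is on the permitted list.
```

An extension check only constrains the file name. Storing uploads under a server-generated name in a directory where the web server does not execute scripts limits the impact of any remaining gap.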

Fix

Related identifiers

CVE-2007-5188

Affected products

Xoops