Xoops.Multiple.Modules.SpawControl.Class.PHP.File.Inclusion
Description
Multiple XOOPS modules have a remote file include vulnerability. A remote attacker could execute an arbitrary script on the web server with the privileges of the server, via a specially crafted URL request to the 'spaw_control.class.php' script, using the 'spaw_root' parameter to specify a malicious PHP file from a remote system.
Affected Products
XT-Conteudo (module for Xoops) version 1.52 and prior.
Tiny Content (module for Xoops) version 1.5 and prior.
Cjay Content (module pour Xoops) version 3 and prior.
WiwiMod (module pour Xoops) version 0.4 and prior.
iContent (module for XOOPS) version 4.5 and prior.
Impact
System compromise.
Recommended Actions
Currently we are not aware of any official supplied fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |