Description
XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.
Affected products
References
- MISChttp://www.securityfocus.com/bid/7149
- VENDOR_ADVISORYhttp://www.security-corporation.com/index.php?id=advisories&a=011-FR
- MAILING_LISThttp://marc.info/?l=bugtraq&m=104820295115420&w=2
- MAILING_LISThttp://marc.info/?l=bugtraq&m=104887510828106&w=2
- VENDOR_ADVISORYhttp://secunia.com/advisories/8353
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/11587