SECUNIA ADVISORY ID: SA25665
VERIFY ADVISORY:http://secunia.com/advisories/25665/
CRITICAL:Highly critical
IMPACT: Exposure of system information, Exposure of sensitive information, System access
WHERE: >From remote
SOFTWARE: Cjay Content WYSIWYG IE 3.x (module for Xoops) - http://secunia.com/product/14531/
DESCRIPTION: FiSh has discovered a vulnerability in the Cjay Content WYSIWYG IE module for Xoops, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Input passed to the "spaw_root" parameter in admin/editor2/spaw_control.class.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is related to: SA20558 SA22383 SA25522 SA25652 SA25667. The vulnerability is confirmed in version 3. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY: FiSh
ORIGINAL ADVISORY: http://milw0rm.com/exploits/4070
OTHER REFERENCES:
SA20558: http://secunia.com/advisories/20558/
SA22383: http://secunia.com/advisories/22383/
SA25522: http://secunia.com/advisories/25522/
SA25652: http://secunia.com/advisories/25652/
SA25667: http://secunia.com/advisories/25667/
Xoops Cjay Content WYSIWYG IE Module *spaw_root* File InclusionPosted on Thursday, June 14, 2007 @ 12:50:39 CDT in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
