Xoops XT-Conteudo Module *spaw_root* File Inclusion Date: Thursday, June 14, 2007 @ 17:25:08 CDT Topic: Security SECUNIA ADVISORY ID: SA25667 VERIFY ADVISORY: http://secunia.com/advisories/25667/ CRITICAL: Highly critical IMPACT: Exposure of system information, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: XT-Conteudo 1.x (module for Xoops) - http://secunia.com/product/14529/ DESCRIPTION: FiSh has discovered a vulnerability in the XT-Conteudo module for Xoops, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Input passed to the "spaw_root" parameter in admin/spaw/spaw_control.class.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is related to: SA20558 SA22383 SA25522 SA25652. The vulnerability is confirmed in version 1.52. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. Disable SPAW and remove the admin/spaw/ directory. PROVIDED AND/OR DISCOVERED BY: FiSh ORIGINAL ADVISORY: http://milw0rm.com/exploits/4069 OTHER REFERENCES: SA20558: http://secunia.com/advisories/20558/ SA22383: http://secunia.com/advisories/22383/ SA25522: http://secunia.com/advisories/25522/ SA25652: http://secunia.com/advisories/25652/ This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2966