Xoops is reported to be prone to a remote arbitrary PHP file upload vulnerability. The issue arises from a lack of sanitization of image files uploaded through the custom avatar upload functionality. A subsequent request for an uploaded script results in execution of the script code in the context of the hosting web server. The vulnerability is reported to affect Xoops version 2.0.9.2 and previous versions.
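The kind of server-side check whose absence the advisory describes, as an added example (not Xoops code and not the vendor's fix). The function name `store_avatar`, the size limit, the allowed types and the assumption that the destination directory is configured not to execute scripts are all illustrative.

```php
<?php
// Added example: hypothetical avatar-upload handler, not taken from Xoops.
const AVATAR_MAX_BYTES = 35000;   // assumed size limit
const AVATAR_TYPES = [            // detected MIME type => extension chosen by the server
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/**
 * Validate an uploaded avatar and store it under a server-generated name.
 * $file is one entry of $_FILES; $destDir is assumed to be a directory the
 * web server serves as static files only (no PHP handler mapped to it).
 * Returns the stored file name or throws RuntimeException.
 */
function store_avatar(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > AVATAR_MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Decide the type from the file content, never from the
    // client-supplied file name or the client-supplied $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(AVATAR_TYPES[$mime])) {
        throw new RuntimeException('not an allowed image type');
    }
    // The content must also parse as an image of that same type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('not a valid image');
    }
    // A valid image can still carry script text in its metadata, so the
    // stored name and extension are chosen here: nothing from the client's
    // file name survives, and the file can never end in ".php".
    $name = bin2hex(random_bytes(16)) . '.' . AVATAR_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

A caller would pass `$_FILES['avatar']` (field name assumed) and record the returned name against the user account rather than the name the browser sent.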