Test ID:	1.3.6.1.4.1.25623.1.0.801932
Category:	Web application abuses
Title:	XOOPS 'imagemanager.php' Local File Inclusion Vulnerability
Summary:	XOOPS is prone to local file inclusion vulnerability.
Description:	Summary: XOOPS is prone to local file inclusion vulnerability. Vulnerability Insight: The flaw is due to input validation error in 'target' parameter to 'imagemanager.php', which allows attackers to read arbitrary files via a ../(dot dot) sequences. Vulnerability Impact: Successful exploitation could allow attackers to perform file inclusion attacks and read arbitrary files on the affected application. Affected Software/OS: XOOPS version 2.5.0 and prior. Solution: Upgrade to version 2.5.1 or later. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.