Xoops Custom Avatar Remote Arbitrary PHP File Upload Vulnerability

Bugtraq ID:	12754
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 08 2005 12:00AM
Updated:	Mar 08 2005 12:00AM
Credit:	Discovery of this vulnerability is credited to pokley <[email protected]>.
Vulnerable:	Xoops Xoops 2.0.9 .2 Xoops Xoops 2.0.5 .2 Xoops Xoops 2.0.5 .1 Xoops Xoops 2.0.5 Xoops Xoops 2.0.3 Xoops Xoops 2.0.2 Xoops Xoops 2.0.1 Xoops Xoops 2.0 Xoops Xoops 1.3.10 Xoops Xoops 1.3.9 Xoops Xoops 1.3.8 Xoops Xoops 1.3.7 Xoops Xoops 1.3.6 Xoops Xoops 1.3.5 Xoops Xoops 1.0 RC1 Xoops Xoops 1.0 RC3.0.5 Xoops Xoops 1.0 RC3
Not Vulnerable:	Xoops Xoops 2.0.9 .3

Xoops Custom Avatar Remote Arbitrary PHP File Upload Vulnerability

Xoops is reported prone to a remote arbitrary PHP file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are uploaded using custom avatar upload functionality.

A subsequent request for an uploaded script will result in the execution of the script code in the context of the hosting web server.

This vulnerability is reported to affect Xoops version 2.0.9.2 and previous versions.

Xoops Custom Avatar Remote Arbitrary PHP File Upload Vulnerability

No exploit is required.

Xoops Custom Avatar Remote Arbitrary PHP File Upload Vulnerability

Solution:
The vendor has released a patch to bring version 2.0.9.2 up to version 2.0.9.3 and resolve this issue.


Xoops Xoops 2.0.9 .2

• Xoops Xoops 2.0.9.2 to 2.0.9.3 Patch
  http://www.xoops.org/modules/core/singlefile.php?cid=4&lid=50

Xoops Custom Avatar Remote Arbitrary PHP File Upload Vulnerability

References:

• ProManager Homepage (Promanager)
  
• XOOPS 2.0.9.3 Patch Released (Xoops)
  
• [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension (pokley )