Secunia Security Advisory - rgod has discovered a vulnerability in Xoops, which can be exploited by malicious people to disclose sensitive information. Input passed to the xoopsConfig[language] parameter in class/xoopseditor/textarea/editor_registry.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that register_globals is enabled and that magic_quotes_gpc is disabled. The vulnerability has been confirmed in version 2.2.3. Other versions may also be affected.
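A log check for the condition described above, as an added example that is not part of the advisory or of Xoops: it flags web-server access-log entries where the request itself supplies xoopsConfig[language] to editor_registry.php. The log format (Common Log Format), the sample lines and the rule that a legitimate language value is a plain directory name are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path and parameter name are taken from the advisory.
TARGET_SCRIPT = "class/xoopseditor/textarea/editor_registry.php"
PARAM = "xoopsConfig[language]"
# Assumption: a legitimate language value is a plain directory name ("english").
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]+")
# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return None, 'param-supplied' or 'unsafe-value' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith(TARGET_SCRIPT):
        return None
    # parse_qsl percent-decodes names and values, so %5B/%5D brackets match too.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:
            # Configuration should never arrive from the client; a value that
            # is not a plain name deserves the higher-priority verdict.
            return "param-supplied" if SAFE_VALUE.fullmatch(value) else "unsafe-value"
    return None

def scan(lines):
    """Return (1-based line number, verdict) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample entries (documentation IP range, invented timestamps).
SCRIPT_URL = "/xoops/class/xoopseditor/textarea/editor_registry.php"
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /xoops/index.php HTTP/1.1" 200 5120',
    f'192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET {SCRIPT_URL}?xoopsConfig%5Blanguage%5D=english HTTP/1.1" 200 0',
    f'192.0.2.12 - - [01/Jan/2006:10:00:09 +0000] "GET {SCRIPT_URL}?xoopsConfig[language]=..%2F..%2Fconstructed-value HTTP/1.1" 200 312',
    f'192.0.2.13 - - [01/Jan/2006:10:00:12 +0000] "GET {SCRIPT_URL} HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

Access logs normally record only the query string, so a value sent in a POST body or cookie is not visible to this check.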