highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ciamos | Ciamos | 0.9.2_rc1 (including) | 0.9.2_rc1 (including) |
| E-xoops | E-xoops | 1.05r3 (including) | 1.05r3 (including) |
| Runcms | Runcms | 1.1a (including) | 1.1a (including) |
References
- http://marc.info/?l=bugtraq\u0026m=111117241923006\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=111125645312693\u0026w=2
- http://secunia.com/advisories/14641
- http://secunia.com/advisories/14648
- http://securitytracker.com/id?1013485
- http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt
- http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf
- http://www.osvdb.org/14890
- http://www.securityfocus.com/bid/12848
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19754
- http://marc.info/?l=bugtraq\u0026m=111117241923006\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=111125645312693\u0026w=2
- http://secunia.com/advisories/14641
- http://secunia.com/advisories/14648
- http://securitytracker.com/id?1013485
- http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt
- http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf
- http://www.osvdb.org/14890
- http://www.securityfocus.com/bid/12848
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19754