Description
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.
Exploits (1)
References (10)
Core 10
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111125645312693&w=2
Exploit, URL Repurposed x_refsource_misc
http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12848
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/14890
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013485
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14648
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111117241923006&w=2
Vendor Advisory, URL Repurposed x_refsource_misc
http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19754
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14641
Scores
EPSS
0.0546
EPSS Percentile
90.3%
Details
Status
published
Products (3)
ciamos/ciamos
0.9.2_rc1
e-xoops/e-xoops
1.05r3
runcms/runcms
1.1a
Published
May 02, 2005
Tracked Since
Feb 18, 2026