The 2006/05/23 security patch has been released to fix the security issue disclosed as Secunia Advisory 20176.
Please note that this issue only concerns servers configured with register_globals set to on, which is not recommended.
But we recommend that every XOOPS 2.X user apply it, especially those who are forced to use a 2.0.x version older than 2.0.13.2, since the additional protection it contains may protect you from other issues known to these old versions.
Download:XOOPS 2006/05/23 security patch (.tar.gz)XOOPS 2006/05/23 security patch (.zip)Installation instructions:
- MAKE A BACKUP COPY OF mainfile.php
- Ensure the web server has write access to this file
- Upload the security060523 folder and its content to your XOOPS document root
- Login as an administrator
- Apply the patch by browsing to /security060523/
- DELETE THE PATCH FOLDER
- WRITE-PROTECT mainfile.php AGAIN
The XOOPS development team.