Protector Security Fix for XOOPS 2.0.x and 2.2.x users
Category : Security
Published by Mamba on 28-Nov-2008 14:13
Security is always the highest priority for XOOPS, and therefore we are releasing Security Updates as soon as we find a viable solution.
This is a temporary quick fix for Protector
module, addressing potential local file inclusion vulnerability reported by DSRG. We hope that GIJOE, the author of Protector, will address this issue in future releases.It is included in XOOPS 2.3.2a Security release, but if you're using Protector on XOOPS 2.0.x or 2.2.x, and your XOOPS_TRUST_PATH is located inside the Root, you are advised to upgrade to the version included in this package.If your XOOPS_TRUST_PATH is outside of the Root (as you should!), you're not affected by this vulnerability.
For more information on how to make your XOOPS installation more secure, please read this article
Download the fix here
XOOPS Development Team
November 28th, 2008