XOOPS mydirname Remote Code Execution Exploit

This module exploits a lack of data sanitization when passed to the "mydirname" parameter in specific modules of XOOP web application. This can be exploited to inject and execute arbitrary PHP code to deploy an agent. Successful exploitation requires that "register_globals" is enabled.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Tuesday, July 21, 2009 - 19:00