XOOPS mydirname Remote Code Execution Exploit

This module exploits a lack of data sanitization when passed to the "mydirname" parameter in specific modules of XOOP web application. This can be exploited to inject and execute arbitrary PHP code to deploy an agent. Successful exploitation requires that "register_globals" is enabled.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-38580
Product Version: 
9.0
Released Date: 
Wednesday, July 22, 2009 - 00:00