Affected Versions:
Xoops: Xoops 2.4
Xoops 2.3.3
Xoops 2.3.2 B
Xoops 2.3.2
Xoops 2.2.5
Xoops 2.2.3 RC1
Xoops 2.2.3
Xoops 2.2.1
Xoops 2.0.18 1
Xoops 2.0.18
Xoops 2.0.17 1
Xoops 2.0.15
Xoops 2.0.14
Xoops 2.0.13. 2
Xoops 2.0.13. 1
Xoops 2.0.12
Xoops 2.0.12
Xoops 2.0.11
Xoops 2.0.10
Xoops 2.0.9. 3
Xoops 2.0.9. 2
Xoops 2.0.5.2
Xoops 2.0.5.1
Xoops 2.0.5
Xoops 2.0.3
Xoops 2.0.2
Xoops 2.0.1
Xoops: Xoops 2.0
Xoops: Xoops 2.3
Xoops 2.0.16 core vulnerability description:
Bugraq ID: 37028
XOOPS is an open-source content management program.
XOOPS does not correctly verify the activation type permission. By requesting the application to resend the activation Email, you can bypass the Administrator's approval to activate new users. <* Reference
Http://www.xoops.org/modules/newbb/viewtopic.php? Post_id = 319132
Http://secunia.com/advisories/37274/
*>
Security suggestions:
Xoops 2.4.1 has fixed this vulnerability. We recommend that you download and use it:
Http://www.xoops.org/modules/news/article.php? Storyid = 5096.