Description: A weakness has been reported in XOOPS, which can be exploited by malicious users to bypass certain security restrictions.
The weakness is caused due to missing permission checks within the "b_system_comments_show()" function in htdocs/modules/system/blocks/system_blocks.php. This can be exploited to read the comments of restricted modules.
The weakness is reported in versions prior to 2.0.18.
Solution: Update to version 2.0.18.
Provided and/or discovered by: Reported by InstantZero.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
