Description: Larok has reported a vulnerability in the Incontent module for Xoops, which can be exploited by malicious people to disclose sensitive information. Input passed to the "url" parameter in "index.php" isn't properly verified, before it is used to view files. This can be exploited to disclose the contents of arbitrary local files. The vulnerability has been reported in version 3.0. Other versions may also be affected. Solution: Edit the source code to ensure that input is properly sanitised.
Hmm... Apparently Incontent is an outdated optional module for Xoops, not shipped in our package and not in the module repository from xoops. Closing as INVALID, please reopen if you find evidence that our Xoops includes a vulnerable version of Incontent.