Xoops versions 2.4.3 and below suffer from file deletion and HTTP response splitting vulnerabilities.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85393/codescan-xoops.txt
Source: https://packetstormsecurity.com/files/85393/Xoops-2.4.3-File-Deletion-HTTP-Response-Splitting.html