JCE Admin Component for Joomla Multiple Local File-Include Vulnerabilities
BID:21491
Info
| Bugtraq ID: | 21491 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 08 2006 12:00AM |
| Updated: | Dec 08 2006 06:49PM |
| Credit: | Gummiente is credited with the discovery of this vulnerability. |
| Vulnerable: | Joomla JCE Admin 1.1 beta 2; Joomla JCE Admin 1.0.4 |
| Not Vulnerable: | |
Discussion
JCE Admin Component for Joomla is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Successful exploits may allow remote attackers to view arbitrary files and to execute local scripts in the context of the webserver process. Other attacks may also be possible.
JCE Admin Component 1.1.0 beta 2 and prior versions are vulnerable.
Exploit / POC
An attacker can exploit this issue via a web client.
Solution / Fix
References
- JCE Admin (Cellardoor)