RETIRED: Joomla JEvents Component Comutils.PHP Remote File Include Vulnerability
BID:24387
Info
RETIRED: Joomla JEvents Component Comutils.PHP Remote File Include Vulnerability
| Bugtraq ID: | 24387 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 08 2007 12:00AM |
| Updated: | Jun 08 2007 08:30PM |
| Credit: | Blu3H47 is credited with the discovery of this vulnerability. |
| Vulnerable: |
Joomla JEvents Component 1.4.1 |
| Not Vulnerable: | |
Discussion
RETIRED: Joomla JEvents Component Comutils.PHP Remote File Include Vulnerability
The Joomla JEvents component is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects JEvents 1.4.1; other versions may also be affected.
NOTE: This BID has been retired because the application has been found not vulnerable.
The Joomla JEvents component is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects JEvents 1.4.1; other versions may also be affected.
NOTE: This BID has been retired because the application has been found not vulnerable.
Exploit / POC
RETIRED: Joomla JEvents Component Comutils.PHP Remote File Include Vulnerability
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/component/com_events/includes/comutils.php?mosConfig_absolute_path=
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/component/com_events/includes/comutils.php?mosConfig_absolute_path=
Solution / Fix
RETIRED: Joomla JEvents Component Comutils.PHP Remote File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
NOTE: This BID has been retired because the application has been found not vulnerable.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
NOTE: This BID has been retired because the application has been found not vulnerable.
References
RETIRED: Joomla JEvents Component Comutils.PHP Remote File Include Vulnerability
References:
References:
- Joomla JEvents Web Site (Joomla JEvents)