Agile Technologies Components for Joomla! 'controller' Parameter Local File Include Vulnerability

Bugtraq ID:	39398
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 12 2010 12:00AM
Updated:	Apr 13 2010 01:23PM
Credit:	AntiSecurity
Vulnerable:	Agile Technologies Web TV! 0 Agile Technologies Online Market (com_market) 2.x Agile Technologies Online Flash Games! (com_flashgames) 1.5 Agile Technologies Memory Book! (com_memory) 1.2 Agile Technologies Daily Horoscope! 0 Agile Technologies com_worldrates 0 Agile Technologies com_record 0 Agile Technologies com_onlineexam 1.5 Agile Technologies com_myfiles 1.0 Agile Technologies com_joommail 1.0 Agile Technologies com_diary 1.5 Agile Technologies com_cvmaker version 1.0 Agile Technologies com_arcadegames 1.0 Agile Technologies com_advertising 0.25 Agile Technologies com_addressbook 1.5
Not Vulnerable:

Agile Technologies Components for Joomla! 'controller' Parameter Local File Include Vulnerability

Multiple Agile Technologies components for Joomla! are prone to a local file-include vulnerability because they fail to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

Agile Technologies Components for Joomla! 'controller' Parameter Local File Include Vulnerability

Attackers can exploit this issue via a browser.

The following example URIs are available:

• /data/vulnerabilities/exploits/39398.txt

Agile Technologies Components for Joomla! 'controller' Parameter Local File Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Agile Technologies Components for Joomla! 'controller' Parameter Local File Include Vulnerability

References:

• Joomla! Homepage (Joomla!)
  
• Vendor Homepage (Agile Technologies)