vendor:
N/A
by:
DevilZ TM By D3v1l
7,5
CVSS
HIGH
Local File Inclusion (LFI)
98
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Joomla Component com_blog LFI Vulnerability
A Local File Inclusion (LFI) vulnerability exists in the Joomla Component com_blog, which allows an attacker to include a file from the local file system of the web server. This can be exploited to gain access to sensitive information, such as the /etc/passwd file, by sending a specially crafted HTTP request to the vulnerable application.
Mitigation:
The best way to mitigate this vulnerability is to ensure that the application is not vulnerable to LFI attacks. This can be done by validating user input and ensuring that the application does not allow the inclusion of arbitrary files from the local file system.
