Vendor: jeeventcalendar
By: Sid3^effects aKa HaRi
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 98
Product Name: jeeventcalendar

jeeventcalendar LFI

The jeeventcalendar component for Joomla has three different managers: Category Management, Event Management, and Event Setting. The component is vulnerable to Local File Inclusion: an attacker can exploit it by supplying an LFI payload in the 'view' request parameter.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
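
One way to apply this mitigation to a request parameter such as 'view', shown as an added example that is not code from jeeventcalendar or Joomla. The function name, the view names and the directory layout are hypothetical assumptions, since the page does not show the component's source.

```php
<?php
// Added example with hypothetical names; not the component's own code.

// Hypothetical view names. Replace with the views the component really ships.
const ALLOWED_VIEWS = ['category', 'event', 'setting'];

/**
 * Map a request-supplied view name to a file under $viewsDir.
 * Returns the canonical path, or null when the name must be refused.
 */
function resolve_view_file(string $requested, string $viewsDir): ?string
{
    // 1. Strict allowlist match. Anything that is not an exact known name
    //    (path separators, "..", null bytes, stream wrappers) is refused.
    if (!in_array($requested, ALLOWED_VIEWS, true)) {
        return null;
    }

    // 2. Defense in depth: canonicalize both paths and confirm the target
    //    still lives inside the views directory before it is ever included.
    $base = realpath($viewsDir);
    $path = realpath($viewsDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // directory or view file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the views directory
    }
    return $path;
}

// Self-check against a temporary views directory and constructed inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'views_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'event.php', "<?php // stub view\n");

$samples = ['event', '../outside', "event\0.txt", 'calendar', 'setting'];
foreach ($samples as $name) {
    $result = resolve_view_file($name, $dir);
    printf("%-14s => %s\n", json_encode($name), $result === null ? 'refused' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'event.php');
rmdir($dir);
```

A caller would include only the path this function returns and answer a refused name with a 404, never falling back to the raw parameter value.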

Exploit-DB raw data:

Critical Level     : HIGH
Google Dork: inurl:/component/jeeventcalendar/
Price:$10.00
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:

100% MVC structure follow. There are three different managers in that
component:-

1. Category Management
2. Event Management
3. Event Setting

#######################################################################################################
Xploit:jeeventcalenda LFI


DEMO URL : http://server/component/jeeventcalendar/?view=[LFI]

###############################################################################