vendor:
com_if_nexus
by:
Fl0riX
7.8
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: com_if_nexus
Affected Version From: 1
Affected Version To: 2
Patch Exists: YES
Related CWE: CVE-2020-12345
CPE: o:joomla:joomla
Metasploit:
N/A
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=142058, https://www.infosecmatter.com/nessus-plugin-library/?id=106846, https://www.infosecmatter.com/nessus-plugin-library/?id=106845, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/hp/data_protector_rds, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/tftp/attftp_long_filename, https://www.infosecmatter.com/nessus-plugin-library/?id=94365, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/windows/http/ms10_065_ii6_asp_dos, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/misc/nettransport, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/http/apache_range_dos, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/udp/udp_amplification
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2020
Joomla Component com_if_nexus
The Joomla component com_if_nexus is vulnerable to a Local File Inclusion vulnerability. This vulnerability allows an attacker to include a local file on the server, such as a configuration file, and execute arbitrary code. This vulnerability is due to the lack of proper input validation in the application. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to the target user.
Mitigation:
To mitigate this vulnerability, the application should validate all user-supplied input and ensure that it is properly sanitized.