Multiple Local File-Include Vulnerabilities in Percha Components for Joomla

vendor:

Percha Components for Joomla

by:

Unknown

7.5

CVSS

HIGH

Local File-Include

CWE

Product Name: Percha Components for Joomla

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Not specified

CPE: Not specified

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Multiple Local File-Include Vulnerabilities in Percha Components for Joomla

The Percha components for Joomla are prone to multiple local file-include vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to obtain sensitive information and execute arbitrary local scripts in the context of the webserver process, potentially compromising the application and the computer. Other attacks are also possible.

Mitigation:

It is recommended to update the Percha components to the latest version. Additionally, input validation and sanitization should be implemented to prevent the exploitation of local file-include vulnerabilities.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40244/info

Multiple Percha components for Joomla are prone to multiple local file-include vulnerabilities because they fail to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

The following Percha components are affected:

com_perchaimageattach
com_perchafieldsattach
com_perchadownloadsattach
com_perchagallery
com_perchacategoriestree 

 http://www.example.com/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00