vendor:
DBQuery
by:
SsEs
9.3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: DBQuery
Affected Version From: 1.4.1 Final
Affected Version To: 1.4.1 Final
Patch Exists: YES
Related CWE: N/A
CPE: a:green_mountain_information_technology_consulting:dbquery
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Joomla com_dbquery Remote file Inclusion
A remote file inclusion vulnerability exists in Joomla com_dbquery component. The vulnerability is due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'administrator/components/com_dbquery/classes/DBQ/admin/common.class.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by including a malicious file from a remote location.
Mitigation:
Upgrade to the latest version of Joomla com_dbquery component.