Vendor: com_cartweberp
By: FL0RiX
CVSS: 8.8 (HIGH)
Local File Inclusion (LFI)
CWE: 98
Product Name: com_cartweberp
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Joomla Component com_cartweberp
The Joomla component com_cartweberp is vulnerable to local file inclusion. The 'controller' parameter of an HTTP request is not properly sanitized before it is used to include files, so a specially crafted request carrying malicious input in that parameter can make the component include arbitrary files from the local system, which can lead to execution of arbitrary code on the vulnerable server.
Mitigation:
The vendor has released an update to address this vulnerability. Users are advised to update to the latest version.
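
The description above attributes the flaw to the 'controller' parameter reaching a file include without sanitization. The following PHP is an added example, not code from com_cartweberp or its vendor: it shows one way a component can validate such a parameter before including anything. The function name `resolve_controller`, the demo directory and the controller names are assumptions made for illustration.

```php
<?php
// Added illustration; not com_cartweberp source. resolve_controller(),
// the demo directory and the controller names are hypothetical.

function resolve_controller(string $requested, string $baseDir, array $allowed): ?string
{
    // 1. Syntax: letters, digits and underscore only, so separators,
    //    dots and NUL bytes never reach the filesystem call.
    if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $requested)) {
        return null;
    }
    // 2. Allowlist: only controllers the component actually ships.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 3. Canonicalise and confirm the file is still inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: one stub controller in a temporary directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'controllers_demo';
if (!is_dir($base)) {
    mkdir($base, 0700, true);
}
file_put_contents($base . DIRECTORY_SEPARATOR . 'cart.php', "<?php // stub\n");
$allowed = ['cart', 'checkout'];

// 'cart' resolves; 'checkout' is allowlisted but has no file;
// 'cart.php' fails the syntax check; 'reports' is not allowlisted.
foreach (['cart', 'checkout', 'cart.php', 'reports'] as $name) {
    $file = resolve_controller($name, $base, $allowed);
    printf("%-10s => %s\n", $name, $file ?? 'rejected');
}
```

A caller would pass the returned path to `require_once` only when it is non-null and return an error response otherwise.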