vendor:
JoomlaPack
by:
Cold z3ro
N/A
CVSS
HIGH
Remote File Include
98
CWE
Product Name: JoomlaPack
Affected Version From: 1.0.4a2
Affected Version To: 1.0.4a2
Patch Exists: NO
Related CWE:
CPE: a:joomla:joomlapack:1.0.4a2
Platforms Tested:
2007
Joomla Component JoomlaPack 1.0.4a2 RE (CAltInstaller.php) Remote File Include Vulnerabilities
The JoomlaPack component version 1.0.4a2 is vulnerable to remote file inclusion. The vulnerability exists in the CAltInstaller.php file, where the mosConfig_absolute_path parameter is not properly sanitized, allowing an attacker to include arbitrary files from remote servers. This can lead to remote code execution and compromise of the affected system.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of JoomlaPack and ensure that the mosConfig_absolute_path parameter is properly sanitized and restricted to local files only.