vendor:
Com_tweetla
by:
AntiSecurity [ Vrs-hCk NoGe OoN_BoY Paman zxvf s4va ]
7,5
CVSS
HIGH
Local File Inclusion
94
CWE
Product Name: Com_tweetla
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: YES
Related CWE: N/A
CPE: a:demo-page.de:com_tweetla:1.0.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
Joomla Component TweetLA! Local File Inclusion Vulnerability
A Local File Inclusion (LFI) vulnerability exists in Joomla Component TweetLA! version 1.0.1. An attacker can exploit this vulnerability to include arbitrary files from the local system, which may lead to the disclosure of sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'controller' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information, which may aid in launching further attacks.
Mitigation:
Upgrade to the latest version of Joomla Component TweetLA! or apply the appropriate patch.
