vendor:
Joomla Visites
by:
NoGe
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Joomla Visites
Affected Version From: 1.1 RC2
Affected Version To: 1.1 RC2
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla-visites:joomla-visites:1.1rc2
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Joomla Visites 1.1 RC2 Remote File Inclusion Vulnerability
A vulnerability exists in com_joomla-visites version 1.1 RC2, which allows an attacker to include a remote file by sending a specially crafted request to the vulnerable file 'administrator/components/com_joomla-visites/core/include/myMailer.class.php'. The vulnerable code is 'require_once $mosConfig_absolute_path . '/includes/phpmailer/class.phpmailer.php';' which allows an attacker to include a remote file by sending a specially crafted request to the vulnerable file.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.