OSVDB ID: 72982

Title: Jms FileSeller Component for Joomla! index.php view Parameter Traversal Local File Inclusion

Info

Disclosure

May 28, 2011

Discovery

May 28, 2011

Dates

Exploit

May 28, 2011

Solution

Unknown

Description

Jms FileSeller Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'view' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Exploit Database: 17338
Secunia Advisory ID: 44738
Bugtraq ID: 48024
Packet Storm: http://packetstormsecurity.org/files/101770/Joomla-JMSFileSeller-Local-File-Inclusion.html
Generic Exploit URL: http://securityhome.eu/exploits/exploit.php?eid=16572783984de17ee3675455.04357423
Other Advisory URL: http://securityreason.com/wlb_show/WLB-2011050106
http://www.bugsearch.net/en/11883/joomla-component-comjmsfileseller-local-file-inclusion-vulnerability.html
http://www.xenuser.org/2011/05/28/joomla-component-com_jmsfileseller-local-file-inclusion-vulnerabilit/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/72982