Joomla! MooFAQ Component "file" Local File Disclosure

SECUNIA ADVISORY ID:
SA35370

VERIFY ADVISORY:
http://secunia.com/advisories/35370/

DESCRIPTION:
A vulnerability has been reported in the MooFAQ component for
Joomla!, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "file" parameter in
com_moofaq/includes/file_includer.php is not properly verified before
being used to display files, which can be exploited to disclose the
content of arbitrary files.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
Chip D3 Bi0s

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/8898

RECENT ARTICLE

RECENT POST