วันศุกร์ที่ ๒๘ ตุลาคม ๒๕๕๔ เวลา ๑๕:๒๒ น.
DOCMan LaiThai
ผู้ชม: 254
SECUNIA ADVISORY ID:
SA46588
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46588/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46588
RELEASE DATE:
2011-10-28
DESCRIPTION:
A vulnerability has been reported in the YJ Contact Us component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.
Input passed via the "view" parameter to index.php (when "option" is
set to "com_yjcontactus") is not properly verified before being used
to include files. This can be exploited to include arbitrary files
from local resources via directory traversal attacks and URL-encoded
NULL bytes.
The vulnerability is reported in versions prior to 1.0.1.
SOLUTION:
Update to version 1.0.1.
PROVIDED AND/OR DISCOVERED BY:
MeGo
ORIGINAL ADVISORY:
YJ Contact Us:
http://www.youjoomla.com/yj-contact-us-1.0.1-released.html
http://www.youjoomla.com/joomla_support/announcements/9234-yj-contact-us-vulnerability-discovered-immediate-update-required.html#post42181
