Written by DOCMan LaiThai
Tuesday, 04 November 2008, 10:44
SECUNIA ADVISORY ID:
SA32520
VERIFY ADVISORY:
http://secunia.com/advisories/32520/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Flash Tree Gallery 1.x (component for Joomla!)
http://secunia.com/advisories/product/20313/
DESCRIPTION:
NoGe has reported a vulnerability in the Flash Tree Gallery component
for Joomla!, which can be exploited by malicious people to compromise
a vulnerable system.
Input passed to the "mosConfig_live_site" parameter in
administrator/components/com_treeg/admin.treeg.php is not properly
verified before being used to include files. This can be exploited to
include arbitrary files from local or external resources.
Successful exploitation requires that "register_globals" is enabled.
The vulnerability is reported in version 1.0. Other versions may also
be affected.
SOLUTION:
Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY:
NoGe
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6928
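
ADDED EXAMPLE (not part of the Secunia advisory or the component's code):
A log check an administrator can run to see whether the script named above has received requests carrying the "mosConfig_live_site" parameter. The Apache Common/Combined Log Format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Script path and parameter named in the advisory.
TARGET = "/administrator/components/com_treeg/admin.treeg.php"
PARAM = "mosConfig_live_site"

# Assumption: access log in Apache Common/Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(value):
    """Label what the parameter points at: remote URL, local path, or other."""
    if re.match(r"^[a-z][a-z0-9+.\-]*://", value, re.I):
        return "remote"
    if value.startswith(("/", ".", "\\")):
        return "local"
    return "other"

def scan(lines):
    """Return (line_no, client_ip, status, kind) for each suspicious request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        # Decode and normalise the path so encoded or doubled slashes still match.
        path = re.sub(r"/+", "/", unquote(path)).lower()
        if not path.endswith(TARGET.lower()):
            continue
        # parse_qsl percent-decodes parameter names and values.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == PARAM:
                findings.append((line_no, m.group("ip"), int(m.group("status")), classify(value)))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.4 - - [04/Nov/2008:10:00:01 +0700] "GET /index.php?option=com_treeg HTTP/1.1" 200 4096',
    '198.51.100.7 - - [04/Nov/2008:10:01:02 +0700] "GET /administrator/components/com_treeg/admin.treeg.php?mosConfig_live_site=http://example.invalid/ HTTP/1.1" 200 512',
    '203.0.113.9 - - [04/Nov/2008:10:02:03 +0700] "GET /site//administrator/components/com_treeg/admin.treeg.php?mosConfig%5Flive%5Fsite=%2Ftmp%2F HTTP/1.0" 404 88',
    '192.0.2.4 - - [04/Nov/2008:10:03:04 +0700] "GET /administrator/components/com_treeg/admin.treeg.php HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string; with "register_globals" enabled the same variable can also arrive in a POST body or cookie, so an empty result does not show that the script was never targeted.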