SECUNIA ADVISORY ID:
SA21288
VERIFY ADVISORY:http://secunia.com/advisories/21288/CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Colophon 1.x (component for Joomla)
http://secunia.com/product/11188/DESCRIPTION:
Drago84 has discovered a vulnerability in the Colophon component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.
Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_colophon/admin.colophon.php is not
properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.
Successful exploitation requires that "register_globals" is enabled.
The vulnerability has been confirmed in version 1.1 and reported in
version 1.2. Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly verified.
Set "register_globals" to "Off".
PROVIDED AND/OR DISCOVERED BY:
Drago84
ORIGINAL ADVISORY:http://milw0rm.com/exploits/2085