SECUNIA ADVISORY ID:
SA32367

VERIFY ADVISORY:
http://secunia.com/advisories/32367/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
RWCards 3.x (component for Joomla)
http://secunia.com/advisories/product/20228/

DESCRIPTION:
Vrs-hCk has discovered a vulnerability in the RWCards component for Joomla!, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "img" parameter in captcha/captcha_image.php is not properly sanitised before being used. This can be exploited to display arbitrary files via directory traversal attacks and URL-encoded NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 3.0.11. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Vrs-hCk

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6817
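The solution above only says to sanitise the input; as an added illustration (not RWCards or Joomla code), the following shows how a script that serves a captcha image named by an untrusted "img" parameter can refuse NUL bytes and traversal without depending on magic_quotes_gpc. The image directory, the allowed file-name pattern and the helper names are assumptions for this example.

```php
<?php
// Added example, not part of RWCards: resolve an untrusted "img" value to a
// file strictly inside $baseDir, or return null to refuse the request.
function resolveCaptchaImage(string $img, string $baseDir): ?string
{
    // A URL-encoded %00 arrives in $_GET as a literal NUL byte; reject it
    // outright instead of relying on magic_quotes_gpc to escape it.
    if (strpos($img, "\0") !== false) {
        return null;
    }
    // Allow-list the name: one path component, no separators or
    // dot-segments, and one of the image extensions this script serves.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(png|jpg|gif)\z/', $img)) {
        return null;
    }
    // Defence in depth: canonicalise and confirm the target is still
    // under the image directory (catches symlinks and odd filesystems).
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $img);
    if ($base === false || $real === false) {
        return null;                     // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;                     // resolved outside the base directory
    }
    return $real;
}

// Self-contained demo with a constructed temporary image directory.
if (PHP_SAPI === 'cli' && realpath($argv[0]) === __FILE__) {
    $dir = sys_get_temp_dir() . '/captcha_demo_' . getmypid();
    mkdir($dir, 0700, true);
    file_put_contents($dir . '/abc123.png', 'constructed sample image bytes');
    $cases = [
        'abc123.png',                    // legitimate request: served
        '../captcha_image.php',          // traversal attempt: refused
        "abc123.png\0.txt",              // NUL-byte truncation attempt: refused
        'missing.png',                   // well-formed but absent: refused
    ];
    foreach ($cases as $c) {
        $r = resolveCaptchaImage($c, $dir);
        printf("%-24s => %s\n", addcslashes($c, "\0"), $r === null ? 'refused' : 'served');
    }
    unlink($dir . '/abc123.png');
    rmdir($dir);
}
```

Run with `php` on the command line; only the first constructed case resolves to a file, the rest are refused before any filesystem read of the attacker-chosen name occurs.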