Joomla AutartiTarot Component "controller" File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA38434

VERIFY ADVISORY:
http://secunia.com/advisories/38434/

DESCRIPTION:
A vulnerability has been discovered in the AutartiTarot component for
Joomla, which can be exploited by malicious users to disclose
potentially sensitive information.

Input passed to the "controller" parameter in administrator/index.php
(when "option" is set to "com_autartitarot") is not properly sanitised
before being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

Successful exploitation requires "Public Back-end" group
credentials.

The vulnerability is confirmed in version 1.0.3. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
B-HUNT3|2

ORIGINAL ADVISORY:
http://packetstormsecurity.org/1001-exploits/joomlaautartitarot-traversal.txt

RECENT ARTICLE

RECENT POST