SECUNIA ADVISORY ID:
SA44883
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44883/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44883
RELEASE DATE:
2011-06-14
DESCRIPTION:
Two vulnerabilities have been discovered in the Core Design
Scriptegrator plugin for Joomla!, which can be exploited by malicious
people to disclose sensitive information.
1) Input passed to the "files[]" parameter in
plugins/system/cdscriptegrator/libraries/highslide/css/cssloader.php
is not properly verified before being used to include files. This can
be exploited to include arbitrary files from local resources via
directory traversal attacks and URL-encoded NULL bytes.
2) Input passed to the "file" parameter in
plugins/system/cdscriptegrator/libraries/jquery/theme/cssloader.php
is not properly verified before being used to include files. This can
be exploited to include arbitrary files from local resources via
directory traversal attacks and URL-encoded NULL bytes.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities are confirmed in version 1.5.5. Other versions
may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY:
jdc