SECUNIA ADVISORY ID:
Customer Area (Credentials Required)
Alfredo Arauz has discovered a vulnerability in the Simple Page
Options module for Joomla!, which can be exploited by malicious
people to disclose sensitive information.
Input passed via the "spo_site_lang" parameter to
modules/mod_spo/email_sender.php is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.
The vulnerability is confirmed in version 1.5.16. Other versions may
also be affected.
Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY: