Joomla! VPortfolio Component Unspecified File Disclosure Vulnerability

SECUNIA ADVISORY ID:
SA45570

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45570/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45570

RELEASE DATE:
2011-08-13

DESCRIPTION:
A vulnerability has been reported in the VPortfolio component for
Joomla!, which can be exploited by malicious users to disclose
sensitive information.

Certain unspecified input is not properly verified before being used.
This can be exploited to disclose the contents of arbitrary files from
local resources via directory traversal sequences.

The vulnerability is reported in versions prior to 1.2.

SOLUTION:
Update to version 1.2.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
VPortfolio:
http://vsmart-extensions.com/index.php?option=com_content&view=article&id=61:vportfolio-security-release-statement&catid=35:joomla-extensions&Itemid=137

Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#V-portfolio

RECENT ARTICLE

RECENT POST