Joomla! En Masse Component Local and Remote File Include Vulnerabilities

Summary

Joomla! En Masse Component is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54926
The information has been provided by Ehram Shahmohamadi .


Details

Vulnerable Systems:
 *Joomla! En Masse Component Local and Remote File Include Vulnerabilities

Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the web server process or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.Versions prior to En Masse 3.1.3 are vulnerable.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release: Aug 09 2012

Categories: News