Joomla! YJ Contact Us Component &quot;view&quot; Local File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA46588

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46588/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46588

RELEASE DATE:
2011-10-28
DESCRIPTION:
A vulnerability has been reported in the YJ Contact Us component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Input passed via the "view" parameter to index.php (when "option" is
set to "com_yjcontactus") is not properly verified before being used
to include files. This can be exploited to include arbitrary files
from local resources via directory traversal attacks and URL-encoded
NULL bytes.

The vulnerability is reported in versions prior to 1.0.1.

SOLUTION:
Update to version 1.0.1.

PROVIDED AND/OR DISCOVERED BY:
MeGo

ORIGINAL ADVISORY:
YJ Contact Us:
http://www.youjoomla.com/yj-contact-us-1.0.1-released.html
http://www.youjoomla.com/joomla_support/announcements/9234-yj-contact-us-vulnerability-discovered-immediate-update-required.html#post42181

Joomla! YJ Contact Us Component "view" Local File Inclusion Vulnerability

RECENT ARTICLE

RECENT POST

ลิงก์ที่เกี่ยวข้อง

ลิงก์อื่นๆ ที่เกี่ยวข้องกับจูมล่า