Joomla Colophon Component File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA21288

VERIFY ADVISORY:
http://secunia.com/advisories/21288/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Colophon 1.x (component for Joomla)
http://secunia.com/product/11188/

DESCRIPTION:
Drago84 has discovered a vulnerability in the Colophon component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_colophon/admin.colophon.php is not
properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.1 and reported in
version 1.2. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
Drago84

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2085