SECUNIA ADVISORY ID:
SA21260

VERIFY ADVISORY:
http://secunia.com/advisories/21260/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Security Images 3.x (component for Joomla)
http://secunia.com/product/11186/

DESCRIPTION:
Drago84 has discovered some vulnerabilities in the Security Images
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter is not properly
verified before being used to include files. This can be exploited to
execute arbitrary PHP code by including files from local or external
resources.

Affected files:
administrator/components/com_securityimages/configinsert.php
administrator/components/com_securityimages/lang.php

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities have been confirmed in version 3.0.5. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
Drago84

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2083
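The following is an added illustration of the bug class the advisory describes and of the fix it recommends; it is not the Security Images component's own code and is not taken from the advisory. The vulnerable line is a hypothetical reconstruction of an include built from the `$mosConfig_absolute_path` global, and the file name `config.securityimages.php` is a placeholder. The `_VALID_MOS` constant is the guard Joomla 1.0 defines when a component is loaded through the front controller.

```php
<?php
// Added example, not the component's code. With register_globals=On, PHP
// populates $mosConfig_absolute_path from any request parameter of that
// name, so a pattern like the (hypothetical) line below hands an
// attacker-controlled base path to include():
//
//   include($mosConfig_absolute_path . '/administrator/components/com_securityimages/lang.php');
//
// The hardened version below never trusts that global for a path.

// 1. Refuse direct requests to the component file. Joomla 1.0 defines
//    _VALID_MOS only when the file is reached through index.php.
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');

// 2. Derive the base directory from the file's own location instead of a
//    global that register_globals could have filled from the request.
$componentPath = dirname(__FILE__);

// 3. Belt-and-braces for hosts that still run register_globals=On: no
//    legitimate client sends a parameter called mosConfig_absolute_path,
//    so log and abort if one is present.
if (isset($_REQUEST['mosConfig_absolute_path'])) {
    error_log('com_securityimages: rejected request carrying mosConfig_absolute_path');
    die('Invalid request.');
}

// 4. Include only a fixed, known file (placeholder name) and confirm that
//    it resolves inside the component directory before loading it.
$base   = realpath($componentPath);
$target = realpath($componentPath . '/config.securityimages.php');
if ($base === false || $target === false
    || strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
    die('Configuration file missing or outside the component directory.');
}
require_once $target;
```

The second half of the advisory's fix is server-side: set `register_globals = Off` in php.ini (or `php_flag register_globals off` in the site's Apache configuration), which removes the mechanism that turned a request parameter into the component's path variable in the first place.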