Joomla JIM Component File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA21545

VERIFY ADVISORY:
http://secunia.com/advisories/21545/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
JIM 1.x (component for Joomla)
http://secunia.com/product/11574/

DESCRIPTION:
XORON has discovered a vulnerability in the JIM component for Joomla,
which can be exploited by malicious people to compromise a vulnerable
system.

Input passed to the "mosConfig_absolute_path" parameter in
components/com_jim/install.jim.php is not properly verified, before
it is used to include files. This can be exploited to include
arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.0.1. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that the input is properly verified.

Set "register_globals" to "Off".
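The advisory's description and solution boil down to one PHP anti-pattern: building an include path from a global that, with "register_globals" enabled, any HTTP request can set. The snippet below is an added illustration written for this advisory, not the JIM component's actual source; the constant name JIM_BASE, the relative file name and the helper functions are assumptions chosen to show the unsafe pattern beside a hardened replacement and a runtime check for the "register_globals" setting.

```php
<?php
// Added illustration (not the JIM component's code): the unsafe include
// pattern the advisory describes, a hardened replacement, and a check
// for the register_globals setting the advisory says exploitation needs.

// --- Unsafe pattern (what the advisory describes) ---
// With register_globals=On, an HTTP request parameter becomes a global
// variable. If the script never assigns $mosConfig_absolute_path itself
// before using it, the include path is entirely request-controlled, so a
// local or remote file can be pulled in. $globals here stands in for the
// request-populated global scope so the pattern can be shown in isolation.
function unsafe_include_path(array $globals): string
{
    // Nothing validates the prefix; this is the defect class in the advisory.
    return $globals['mosConfig_absolute_path'] . '/components/com_jim/jim.class.php';
}

// --- Hardened pattern ---
// 1. Derive the installation root from this file's own location instead of
//    from a global (constant name JIM_BASE is hypothetical).
// 2. Resolve the target with realpath() and refuse anything that does not
//    stay under that root (blocks ../ traversal and remote URLs, which
//    realpath() cannot resolve and therefore returns false for).
define('JIM_BASE', (string) realpath(dirname(__FILE__) . '/../..'));

function safe_include_path(string $relative): string
{
    $root   = JIM_BASE;
    $target = realpath($root . '/' . $relative);
    if ($root === '' || $target === false
        || strpos($target, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('Refusing to include a file outside the installation root');
    }
    return $target;
}

// --- Configuration check (the advisory's second remediation) ---
// ini_get() returns a string such as "1", "0" or "", so normalise it.
function register_globals_enabled(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

// Usage inside a Joomla 1.0-era component (hypothetical placement):
//   defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
//   require_once safe_include_path('components/com_jim/jim.class.php');
//
// Turning the setting off for a mod_php deployment, in php.ini:
//   register_globals = Off
// or per directory in .htaccess:
//   php_flag register_globals off
if (register_globals_enabled()) {
    error_log('register_globals is On; the include-path class of bug is reachable');
}
```

The guard in safe_include_path() is what "ensure that the input is properly verified" means in practice: even if a global is somehow overwritten, the only files that can be included are those realpath() resolves to a location under the installation root. Disabling "register_globals" removes the way the variable gets set from a request in the first place, so the two fixes are complementary rather than alternatives.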

PROVIDED AND/OR DISCOVERED BY:
XORON

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2203
