VID: 210077
Severity: 40
Port: 80, ...
Protocol: TCP
Class: CGI

Detailed Description:
The Joomla! program is vulnerable to a remote file include vulnerability via the 'mosConfig_live_site' parameter. Joomla! is an open-source content management system written in PHP. Joomla!Radio is a third-party module for Joomla!. Joomla!Radio Module version 5 could allow a remote attacker to include malicious PHP files, because user-supplied input passed to the 'mosConfig_live_site' parameter of the 'administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php' script is not properly validated. If the PHP 'register_globals' setting is enabled, a remote attacker could send a specially crafted URL request to execute arbitrary PHP code and operating system commands on the affected host.

* References:
  - http://www.milw0rm.com/exploits/4401
  - http://www.frsirt.com/english/advisories/2007/3173
  - http://secunia.com/advisories/26809
* Platforms Affected: Joomla!Radio component for Joomla! version 5; any operating system; any version

Recommendation:
No upgrade or patch available as of June 2014.
As a workaround, disable the PHP 'register_globals' setting.
-- OR --
Upgrade to a fixed version of the Joomla!Radio Module when a new fixed version becomes available from the Joomla! Web site at http://www.renevanasten.net/downloads/joomla-components.html

Related URL: CVE-2007-4923 (CVE)
Related URL: 25664 (SecurityFocus)
Related URL: 36603 (ISS)