Short Name |
HTTP:PHP:JOOMLA-LOC-FILE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Joomla Local File Include |
Release Date |
2010/12/07 |
Update Number |
1827 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Joomla Community Builder. Attackers can include an arbitrary local file.
Joomla Community Builder Enhenced is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to upload arbitrary files onto the application, execute arbitrary local files within the context of the affected application, and obtain sensitive information. By exploiting the arbitrary-file-upload and local file-include vulnerabilities at the same time, the attacker may be able to execute remote code. Versions prior to Joomla Community Builder Enhenced 1.4.11 are vulnerable.