Detections
Analytics
Joomla! / Mambo Component Multiple Parameter Local File Include Vulnerabilities
critical Nessus Plugin ID 43636
Language:
Synopsis
The remote web server contains a PHP application that is affected by multiple local file include vulnerabilities.Description
The remote host contains a component for Joomla! or Mambo that fails to sanitize user-supplied input to multiple parameters in a GET request before using it to include PHP code. Regardless of the PHP 'register_globals' setting, an unauthenticated, remote attacker can exploit this issue to disclose arbitrary files or possibly execute arbitrary PHP code on the remote host, subject to the privileges of the web server user ID.Solution
Contact the vendor of each affected component to see if an upgrade is available or else disable it.Plugin Details
Severity: Critical
ID: 43636
File Name: joomla_components_controller_lfi.nasl
Version: 1.163
Type: remote
Family: CGI abuses
Published: 1/4/2010
Updated: 6/4/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:joomla:joomla%5c%21
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Vulnerability Publication Date: 1/3/2010
Exploitable With
Elliot (Joomla Component com_shoutbox LFI)
Reference Information
CVE: CVE-2010-0157, CVE-2010-0467, CVE-2010-0676, CVE-2010-0944, CVE-2010-0972, CVE-2010-1056, CVE-2010-1081, CVE-2010-1304, CVE-2010-1305, CVE-2010-1306, CVE-2010-1308, CVE-2010-1312, CVE-2010-1314, CVE-2010-1340, CVE-2010-1345, CVE-2010-1352, CVE-2010-1354, CVE-2010-1469, CVE-2010-1470, CVE-2010-1471, CVE-2010-1472, CVE-2010-1473, CVE-2010-1474, CVE-2010-1475, CVE-2010-1478, CVE-2010-1491, CVE-2010-1494, CVE-2010-1534, CVE-2010-1602, CVE-2010-1607, CVE-2010-1653, CVE-2010-1658, CVE-2010-1714, CVE-2010-1715, CVE-2010-1717, CVE-2010-1718, CVE-2010-1719, CVE-2010-1722, CVE-2010-1723, CVE-2010-1858, CVE-2010-1875, CVE-2010-1878, CVE-2010-1952, CVE-2010-1953, CVE-2010-1954, CVE-2010-1956, CVE-2010-1979, CVE-2010-1980, CVE-2010-1981, CVE-2010-2033, CVE-2010-2034, CVE-2010-2035, CVE-2010-2036, CVE-2010-2037, CVE-2010-2050, CVE-2010-2122, CVE-2010-2507, CVE-2010-3426, CVE-2010-4977, CVE-2011-4804
BID: 37583, 37596, 37691, 37987, 38267, 38330, 38715, 38741, 38742, 38743, 38747, 38749, 38751, 38761, 38783, 38911, 38912, 38917, 39174, 39176, 39177, 39178, 39200, 39203, 39208, 39213, 39214, 39222, 39239, 39246, 39248, 39251, 39266, 39267, 39331, 39342, 39383, 39385, 39386, 39387, 39388, 39390, 39398, 39399, 39497, 39506, 39509, 39545, 39547, 39548, 39560, 39562, 39566, 39606, 39607, 39608, 39742, 39743, 40175, 40176, 40177, 40185, 40192, 40244, 40328, 40412, 40440, 40964, 41031, 41358, 42486, 43147, 43820, 46081, 48345, 48944, 56994
CWE: 22