HTTP: Joomla Local File Include
This signature detects attempts to exploit a known vulnerability against Joomla Community Builder. Attackers can include an arbitrary local file.
Extended Description
Joomla Community Builder Enhenced is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to upload arbitrary files onto the application, execute arbitrary local files within the context of the affected application, and obtain sensitive information. By exploiting the arbitrary-file-upload and local file-include vulnerabilities at the same time, the attacker may be able to execute remote code. Versions prior to Joomla Community Builder Enhenced 1.4.11 are vulnerable.
Affected Products
Joomla cbe
Short Name
HTTP:PHP:JOOMLA-LOC-FILE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
File Include Joomla Local bid:43873
Release Date
12/07/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Joomla