Joomla JEvents Component Comutils.PHP Remote File Include Vulnerability
TITLE: Joomla JEvents Component Comutils.PHP Remote File Include Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 08 2007 12:00AM
UPDATE: Jun 08 2007 12:00AM
CREDIT: Blu3H47 is credited with the discovery of this vulnerability.
VULNERABLE:
Joomla JEvents Component 1.4.1NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
The Joomla JEvents component is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects JEvents 1.4.1; other versions may also be affected.
Exploit
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/component/com_events/includes/comutils.php?mosConfig_absolute_path=
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
References
References:
- Joomla JEvents Web Site (Joomla JEvents)
PhpLog
Keywords for this page:
blu3h47 php (from google) first seen: 2007-09-18 03:34:10 hit: 2
file include joomla com_events (from google) first seen: 2007-09-27 18:53:36
t (from google) first seen: 2007-10-18 01:46:01 hit: 53
blu3h47 (from google) first seen: 2007-10-25 23:28:03 hit: 14
joomla com_events and googlebot (from google) first seen: 2008-03-22 09:48:58
joomla com_events (from google) first seen: 2008-03-28 13:04:10 hit: 12
jevents exploit (from google) first seen: 2008-04-10 15:06:56 hit: 8
joomla mailto component exploit (from google) first seen: 2008-04-11 12:25:05 hit: 2
com_events exploit (from google) first seen: 2008-04-11 23:34:50 hit: 14
jevents component (from google) first seen: 2008-04-16 14:50:56
componenti joomla com_events (from google) first seen: 2008-04-17 10:12:44
com_events remote file (from google) first seen: 2008-04-22 14:50:11 hit: 5
mailto component (from google) first seen: 2008-04-24 00:29:58 hit: 3
com_events googlebot (from google) first seen: 2008-04-25 23:36:46 hit: 2
joomla mailto (from google) first seen: 2008-05-06 17:50:48 hit: 6
vulnerable com_events (from google) first seen: 2008-05-08 03:08:57
links componente jevents joomla (from google) first seen: 2008-05-12 21:38:08
exploit malicious php remote mambo (from google) first seen: 2008-05-13 15:35:37
remote file İnclude vulnerability (from google) first seen: 2008-05-14 11:28:24
component/com_events (from google) first seen: 2008-05-15 15:39:21
joomla mailto component (from google) first seen: 2008-05-16 01:53:00 hit: 4
component jevents (from google) first seen: 2008-05-20 01:11:35
jevents (from google) first seen: 2008-05-20 10:08:43
mambo com_events vuln (from google) first seen: 2008-05-26 20:29:54
joomla remote file inclusion 2008 (from google) first seen: 2008-05-26 21:23:32
exploit joomla remote file inclusion (from google) first seen: 2008-05-29 15:24:27
include joomla (from google) first seen: 2008-05-30 17:23:23 hit: 2
joomla com_events -inurl:com_events (from google) first seen: 2008-06-02 17:11:33
joomla exploit com_events (from google) first seen: 2008-06-02 17:16:06 hit: 2
joomla remote file inclusion exploit (from google) first seen: 2008-06-03 14:45:18
mailto component joomla (from google) first seen: 2008-06-06 19:00:27
exploit joomla (from google) first seen: 2008-06-09 12:07:00 hit: 22
exploit joomla website (from google) first seen: 2008-06-12 00:02:42
com_events vulnerabilities (from google) first seen: 2008-06-16 03:08:11
componente mailto mambo (from google) first seen: 2008-06-16 17:42:57
joomla com_events component (from google) first seen: 2008-06-16 20:47:55
jevents joomla (from google) first seen: 2008-06-18 06:23:09 hit: 5
joomla mailto error (from google) first seen: 2008-06-22 15:44:09
remote file inclusion 2008 (from google) first seen: 2008-06-24 12:29:55 hit: 2
jevents vulnerability (from google) first seen: 2008-06-26 08:53:15 hit: 3
joomla jevents security (from google) first seen: 2008-07-02 01:44:38
include php file in joomla page (from google) first seen: 2008-07-04 15:51:09
jevents googlebot (from google) first seen: 2008-07-07 03:10:36 hit: 3
mambo com_events exploit (from google) first seen: 2008-07-09 21:10:41
mambo remote file include (from google) first seen: 2008-07-09 21:24:19
remote file include vulnerability (from google) first seen: 2008-07-10 04:11:28
exploiting joomla (from google) first seen: 2008-07-11 11:18:18 hit: 4
joomla exploit (from google) first seen: 2008-07-13 18:07:22 hit: 27
exploit joomla com_events (from google) first seen: 2008-07-14 18:58:53
joomla vulnerabilities (from google) first seen: 2008-07-14 21:04:20
joomla componente mailto (from google) first seen: 2008-07-20 03:30:44
jomla exploit (from google) first seen: 2008-07-21 09:51:24 hit: 2
joomla jevents (from google) first seen: 2008-07-21 12:35:07
xploit joomla! (from google) first seen: 2008-07-22 01:15:58
joomla remote exploit (from google) first seen: 2008-07-22 02:15:34 hit: 4
include php joomla (from google) first seen: 2008-07-24 18:28:03
joomla remote file inclusion (from google) first seen: 2008-07-26 04:22:59
com_events exploits (from google) first seen: 2008-07-26 15:26:35 hit: 3
jevents référencement (from google) first seen: 2008-07-27 02:16:18
uri is joomla (from google) first seen: 2008-07-27 07:43:07
joomla! exploit (from google) first seen: 2008-07-30 06:42:19 hit: 2
joomla mailto: errore (from google) first seen: 2008-07-30 22:49:09
jevents component joomla (from google) first seen: 2008-07-31 10:40:13
joomla exploit remote file include (from google) first seen: 2008-07-31 20:44:04
f (from google) first seen: 2008-08-04 18:16:04 hit: 10
exploits joomla (from google) first seen: 2008-08-08 19:12:30 hit: 6
remote file include (from google) first seen: 2008-08-09 21:42:07
include remote php in joomla (from google) first seen: 2008-08-12 15:36:42
joomla xploit (from google) first seen: 2008-08-14 11:07:26 hit: 2
exploiting joomla vulnerabilities (from google) first seen: 2008-08-15 13:22:08
joomla exploits 2008 (from google) first seen: 2008-08-16 19:15:38 hit: 3
componente mailto (from google) first seen: 2008-08-20 22:35:13
mailto error joomla (from google) first seen: 2008-08-21 10:06:21
googlebot com_events (from google) first seen: 2008-08-24 04:59:34
jevents vuln (from google) first seen: 2008-08-24 18:54:17 hit: 2
xploit joomla (from google) first seen: 2008-08-25 04:33:28 hit: 4
exploid joomla (from google) first seen: 2008-08-27 14:45:13
com_events compromised joomla (from google) first seen: 2008-08-28 13:11:16
joomla exploit code (from google) first seen: 2008-08-29 14:22:29 hit: 2
joomla exploits (from google) first seen: 2008-08-30 16:55:51 hit: 4
includes php googlebot (from google) first seen: 2008-08-30 20:57:27
joomla exploit 2008 (from google) first seen: 2008-08-31 00:20:37 hit: 8
joomla com_events googlebot (from google) first seen: 2008-08-31 19:03:08
exploit mambo (from google) first seen: 2008-09-01 16:47:39
mambo com_events vulnerabilities (from google) first seen: 2008-09-01 18:40:00
get joomla exploit (from google) first seen: 2008-09-04 07:40:39
exploit joomla 2008 (from google) first seen: 2008-09-05 00:40:23
joomla (from google) first seen: 2008-09-05 14:39:16 hit: 2
joomla 1 5 remote exploit (from google) first seen: 2008-09-05 16:23:31 hit: 3
joomla exploit remote file inclusion (from google) first seen: 2008-09-07 17:09:05
joomla exploit remote (from google) first seen: 2008-09-07 17:10:36
exploit remote file include (from google) first seen: 2008-09-08 18:49:00
vulnerabilities joomla (from google) first seen: 2008-09-09 16:54:46
www bnlug org (from google) first seen: 2008-09-14 20:29:19 hit: 5
joomla exploit 2008 (from google) first seen: 2008-09-15 22:14:52
joomla com_events vulnerability (from google) first seen: 2008-09-16 15:31:58
include php file joomla (from google) first seen: 2008-09-17 17:58:24
joomla mailto: (from google) first seen: 2008-09-17 22:24:54
component com_events in joomla (from google) first seen: 2008-09-18 07:23:41
com_events vulnerability (from google) first seen: 2008-09-18 15:26:03 hit: 2
com_events vuln (from google) first seen: 2008-09-20 00:37:07
remote file inclusion vulnerability (from google) first seen: 2008-09-23 00:37:14
joomla! exploit 2008 (from google) first seen: 2008-09-27 21:23:17
com_events joomla (from google) first seen: 2008-09-30 08:33:18 hit: 3
jomla vulnerabilities (from google) first seen: 2008-10-02 11:44:32
mailto in joomla (from google) first seen: 2008-10-03 05:23:49
remote file include vulnerabilities (from google) first seen: 2008-10-06 01:14:34
jevents joomla code (from google) first seen: 2008-10-06 18:31:30
joomla exploit remote code (from google) first seen: 2008-10-07 19:36:58
joomla remote file vulnerability (from google) first seen: 2008-10-07 22:26:57
joomla exploiting (from google) first seen: 2008-10-08 12:27:30
jevents remote (from google) first seen: 2008-10-10 04:06:17
joomla exploid (from google) first seen: 2008-10-12 01:58:36
joomla mailto security (from google) first seen: 2008-10-13 20:18:11
joomla vulnerabilities 2008 (from google) first seen: 2008-10-15 01:31:29 hit: 2
remote file include vulnerabilities 2008 (from google) first seen: 2008-10-15 11:00:14
joomla mailto componen (from google) first seen: 2008-10-16 22:15:02
jevents and google (from google) first seen: 2008-10-17 18:35:22
including file in joomla (from google) first seen: 2008-10-21 19:36:38
vulnerability com_events (from google) first seen: 2008-10-21 21:34:41
joomla includes vulnerability (from google) first seen: 2008-10-22 04:17:08
jevents google (from google) first seen: 2008-10-26 21:09:00
include php page in component joomla (from google) first seen: 2008-10-27 09:30:42
jevents com_events (from google) first seen: 2008-10-29 10:31:02
joomla exploit execute php (from google) first seen: 2008-10-29 11:38:09
joomla jevents component error (from google) first seen: 2008-10-30 03:37:14
jevents component error in joomla (from google) first seen: 2008-10-30 04:52:24
jevents joomla componente (from google) first seen: 2008-10-30 17:21:17
joomla remote file inclusion vulnerability (from google) first seen: 2008-10-31 13:37:39
jevents old archive (from google) first seen: 2008-11-03 20:22:45
google joomla exploit (from google) first seen: 2008-11-04 18:40:26
xploit com_events (from google) first seen: 2008-11-04 20:44:57
include other files in joomla (from google) first seen: 2008-11-05 18:02:08
joomla exploit to execute php (from google) first seen: 2008-11-06 03:14:35
joomla mailto exploit (from google) first seen: 2008-11-06 09:54:00
joomlaremote (from google) first seen: 2008-11-06 11:21:22 hit: 2
joomla remote file include (from google) first seen: 2008-11-06 23:56:46
joomla remote (from google) first seen: 2008-11-07 04:32:35
component mailto exploit (from google) first seen: 2008-11-10 23:03:54
joomla jevents error (from google) first seen: 2008-11-10 23:45:15
malicious code in php joomla (from google) first seen: 2008-11-11 17:17:46
com_events exploit (from google) first seen: 2008-11-13 11:26:52
com_events xploit (from google) first seen: 2008-11-13 11:35:05
how to use mailto from joomla (from google) first seen: 2008-11-13 12:19:27
include in joomla (from google) first seen: 2008-11-15 21:52:55
get joomla exploit 2008 (from google) first seen: 2008-11-18 12:39:01
componente mailto en joomla (from google) first seen: 2008-11-19 20:13:21
jevents error (from google) first seen: 2008-11-20 21:05:56 hit: 2
GoogleBot visited this page on: 2008-11-18 03:41:42