Joomla Community Builder Enhenced Local File Include and Arbitrary File Upload Vulnerabilities

Joomla Community Builder Enhenced is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to upload arbitrary files onto the application, execute arbitrary local files within the context of the affected application, and obtain sensitive information. By exploiting the arbitrary-file-upload and local file-include vulnerabilities at the same time, the attacker may be able to execute remote code.

Versions prior to Joomla Community Builder Enhenced 1.4.11 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus