CVE-2009-4946

Name of the Vulnerable Software and Affected Versions Joomla! com messaging component versions prior to 1.5.1

Description A directory traversal issue exists in the Messaging component, allowing remote attackers to include and execute arbitrary local files. This is achieved by using directory traversal sequences in the controller parameter within a messages action to index.php.

Recommendations For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file in the Messaging component to minimize the risk of exploitation. Avoid using the controller parameter in the affected index.php file until the issue is resolved.