Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5407

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5407
Last Modified 15 Nov 2008 02:00:53
Published 12 Oct 2007 02:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5407

Summary

Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and (4) register.php, in view/; and (5) list.sub.html.php, (6) list.user.sub.html.php, and (7) reports.html.php in views/.

Vulnerable Systems

Application

  • Joomlaequipment Jcontentsubscription 1.5.8


References

MILW0RM - 4508

OSVDB - 43627

OSVDB - 43624

OSVDB - 43623

OSVDB - 43622

OSVDB - 43621

OSVDB - 43620

OSVDB - 43619

XF - joomla-jcontentsubscription-file-include(37055)

BID - 26003


Last Updated: 27 May 2016 10:46:10