Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5671

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5671
Last Modified 19 Aug 2009 01:22:14
Published 18 Dec 2008 08:52:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5671

Summary

PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Vulnerable Systems

Application

  • Joomla 1.0.11

  • Joomla 1.0.12

  • Joomla 1.0.13

  • Joomla 1.0.14


References

CONFIRM - http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html

BID - 27795

BUGTRAQ - 20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php

BUGTRAQ - 20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php

SREASON - 4787

SECUNIA - 29106


Last Updated: 27 May 2016 10:48:52