[VIM] Joomla Flash Image Gallery Component RFI Vulnerability

George A. Theall theall at tenablesecurity.com
Tue Oct 9 02:16:22 UTC 2007

The affected parameter in Milw0rm 4496 is wrong -- it should be 
'mosConfig_live_site' rather than 'mosConfig_absolute_path'. The 
affected file in at least version 1.0 of the component is:

                      ----- snip, snip, snip -----
include( "$mosConfig_live_site/components/com_wmtgallery/about.html" );
                      ----- snip, snip, snip -----

Bugtraq 25958 appears to have the same problem with the proof-of-concept 
they provide.

theall at tenablesecurity.com

More information about the VIM mailing list