[VIM] Joomla Component com_colorlab 1.0 Remote File Inclusion Vulnerability

George A. Theall theall at tenablesecurity.com
Sat Oct 13 11:04:51 UTC 2007

There seems to be a mistake in Milw0rm 4524... I downloaded the 
component and installed it. The affected file listed in the advisory,
/components/com_colorlab/admin.color.php, does not exist. But 
/administrator/components/com_color/admin.color.php does exist and is 

The only line in the file, other than the PHP tags, is:

   include( "$mosConfig_live_site/components/com_color/about.html" );

so register_globals is required for exploitation.

theall at tenablesecurity.com

More information about the VIM mailing list