[VIM] Joomla Media Local File Inclusion
George A. Theall
theall at tenable.com
Wed Mar 30 05:57:32 CDT 2011
Bugtraq 47043 looks questionable to me. There's no list of versions
affected or explanation of the vulnerability other than the PoC:
And while Joomla includes the component in its distribution file in
many versions (it doesn't in Joomla 1.0.15, the only version from the
1.0.x series I checked), the supposedly affected file is nothing more
than a class file. It doesn't include / require any other files nor
have calls to include() or require() or its variants. At least in
Joomla versions 1.5.22, 1.6.1 (both current), 1.5.12, or 1.5.5.
Any thoughts, Rob?
theall at tenablesecurity.com
More information about the VIM