[VIM] Joomla Media Local File Inclusion

George A. Theall theall at tenable.com
Wed Mar 30 05:57:32 CDT 2011

Bugtraq 47043 looks questionable to me. There's no list of versions  
affected or explanation of the vulnerability other than the PoC:


And while Joomla includes the component in its distribution file in  
many versions (it doesn't in Joomla 1.0.15, the only version from the  
1.0.x series I checked), the supposedly affected file is nothing more  
than a class file. It doesn't include / require any other files nor  
have calls to include() or require() or its variants. At least in  
Joomla versions 1.5.22, 1.6.1 (both current), 1.5.12, or 1.5.5.

Any thoughts, Rob?

theall at tenablesecurity.com

More information about the VIM mailing list