Check Point Advisories

Update Protection against Joomla! "X_CMS_LIBRARY_PATH" Directory Traversal Vulnerability

Check Point Reference: CPAI-2009-011
Date Published: 15 Jan 2009
Severity: Medium
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA33377
Industry Reference: CVE-2009-0113
Protection Provided by:
Who is Vulnerable? Joomla! version 1.5.8 (other versions may also be affected)
Vulnerability Description: A directory traversal vulnerability was detected in Joomla!, an open-source content management system (CMS). The vulnerability can be exploited to disclose sensitive information by accessing normally inaccessible files on the server via directory traversal attacks.

Update/Patch Available: Vendor advisory along with upgrade information:
http://www.joomla.org/announcements/release-news/5226-joomla-159-security-release-now-available.html
Vulnerability Details: Specifically, input passed to the "X_CMS_LIBRARY_PATH" HTTP header handled in plugins/editors/xstandard/attachmentlibrary.php is not properly verified before being used. A remote attacker can exploit this to display arbitrary directory contents.
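
As an added illustration (not Check Point's protection logic and not Joomla! code), the following sketch flags requests to the affected script whose X_CMS_LIBRARY_PATH header carries a ".." path segment, before or after percent-decoding. The sample requests, the host cms.example, and the treatment of hyphen and underscore spellings of the header as one name are assumptions made for the example.

```python
from urllib.parse import unquote, urlsplit

TARGET = "/plugins/editors/xstandard/attachmentlibrary.php"  # script named in the advisory
HEADER = "x_cms_library_path"                                # header named in the advisory

def parse_request(raw):
    """Split a raw HTTP/1.x request into (path, [(header_name, value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    path = urlsplit(parts[1]).path if len(parts) >= 2 else ""
    fields = [line.partition(":") for line in lines[1:]]
    return path, [(n.strip(), v.strip()) for n, sep, v in fields if sep]

def has_traversal(value, max_rounds=3):
    """True if any path segment is '..', checking again after each decoding round."""
    for _ in range(max_rounds + 1):
        if any(seg.strip() == ".." for seg in value.replace("\\", "/").split("/")):
            return True
        decoded = unquote(value)
        if decoded == value:   # nothing left to decode
            break
        value = decoded
    return False

def inspect(raw):
    """Return findings for one request; an empty list means no alert."""
    path, headers = parse_request(raw)
    if not unquote(path).lower().endswith(TARGET):
        return []              # only the affected script is in scope
    findings = []
    for name, value in headers:
        # Assumption: hyphen and underscore spellings reach the application as the same header.
        if name.lower().replace("-", "_") == HEADER and has_traversal(value):
            findings.append(f"{name}: '..' segment in value {value!r}")
    return findings

def _req(target, header_line):
    """Build a constructed sample request (hypothetical helper, not captured traffic)."""
    return f"GET {target} HTTP/1.1\r\nHost: cms.example\r\n{header_line}\r\n\r\n"

# Constructed samples: a plain value, an encoded traversal, and an out-of-scope script.
BENIGN = _req(TARGET, "X_CMS_LIBRARY_PATH: images/stories")
ENCODED = _req(TARGET, "X-CMS-Library-Path: images/%2e%2e/%2e%2e/")
OTHER = _req("/index.php", "X_CMS_LIBRARY_PATH: ../")

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("encoded", ENCODED), ("other", OTHER)):
        print(label, inspect(raw))
```
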

Protection Overview
