Lunarpages Web Hosting Forum

Author Topic: [Medium Alert] Joomla Ext. JMS File Sellers - LFI Vulnerability  (Read 3549 times)

Offline Dragos

  • Intergalactic Superstar
  • *****
  • Posts: 125
    • Lunarpages
Executive Summary: The Joomla Ext. com_jmsfileseller has been discovered to be vulnerable to a Local File Inclusion vulnerability. The affected version is 1.0.

Technical Details: Input passed via "VIEW" Parameter is not sanitized.

Recommendations: contact the developer and obtain an updated version or discontinue use. Alternatively you can edit the source code to fix the issue.
Dragos Gabriel Fedorovici
System Administrator I - Add2Net Inc., LunarPages Division

Phone: 1-714-521-8150