Joomla Component JE Job Local File Inclusion Vulnerability

Please view the original advisory here.

The Joomla component JE Job suffers from a Local File Inclusion vulnerability. Furthermore XSS attacks may be possible.

Example URI = index.php?option=com_jejob&view=../../../../../../etc/passwd%00

It is highly recommended to activate the PHP var OpenBaseDir and configure it correctly.

May 14th, 2010 in LFI | tags: advisory, com_jejob, exploit, html code injection, je job component, local file inclusion, Security, vulnerability, XSS

1 Comment

Joomla JE Job Component Two Vulnerabilities « Bug-BlogMay 18th, 2010 at 01:54

[...] ORIGINAL ADVISORY: http://www.xenuser.org/2010/05/14/joomla-component-je-job-local-file-inclusion-vulnerability/ [...]

Leave a comment

You must be logged in to post a comment.

Ascii for Breakfast

Register here Blog about Xen, IT-Security, Linux and other stuff.

hacker emblem

valentin@xenuser.org

Recent Posts

Active projects

Blogroll

Exploit-DB updates

blog.xen.org

29 feed subscribers

Author Links

Secunia
Link

Exploit DB
Link 1, link 2 and link 3

Security Focus
Link 1 and link 2

Nullbyte
Link 1, link 2

Hack0wn
Link

Packetstorm Security
Link

OSVDB
Link

Security Reason
Link

Launchpad
Link

Exploit-ID
Link