#VU13475 PHP file inclusion in Joomla!
Vulnerability identifier: #VU13475
Vulnerability risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-98
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Joomla!
Web applications /
CMS
Vendor: Joomla!
Description
The vulnerability allows a remote attacker to include and execute arbitrary files on the local system.
The vulnerability exists due to autoload code checks classnames to be valid, using the "class_exists" function in PHP. This function however does not properly validate names in PHP 5.3, which can lead to local file inclusion vulnerability.
Successful exploitation of the vulnerability may allow an attacker to read arbitrary files and under certain circumstances even compromise vulnerable system but requires that Joomla! is using an old version of PHP 5.3.
Mitigation
Update to version 3.8.9.
Vulnerable software versions
Joomla!: 3.8.0 - 3.8.8, 3.7.0 - 3.7.5, 3.6.0 - 3.6.5, 3.5.0 - 3.5.9, 3.4.0 - 3.4.8, 3.3.0 - 3.3.6, 3.2.0 - 3.2.7, 3.1.0 - 3.1.6, 3.0.0 - 3.0.4, 2.5.0 - 2.5.28
External links
http://developer.joomla.org/security-centre.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
