Vigil@nce - Joomla com_cckjseblod: file reading
November 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can read a file of Joomla com_cckjseblod, in order to obtain sensitive information.
Impacted products: Joomla Extensions not comprehensive.
Creation date: 19/09/2016.
DESCRIPTION OF THE VULNERABILITY
The com_cckjseblod extension can be installed on Joomla.
However, an attacker can bypass file access restrictions.
An attacker can therefore read a file of Joomla com_cckjseblod, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN