Vigil@nce - Joomla eXtplorer: privilege escalation
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An unauthenticated attacker can use Joomla eXtplorer, in order to
access to the file system.
Impacted products: Joomla Extensions
Severity: 2/4
Creation date: 20/12/2013
DESCRIPTION OF THE VULNERABILITY
The Joomla eXtplorer extension offers a file explorer written in
PHP.
However, the authentication of users is not correctly processed.
An unauthenticated attacker can therefore use Joomla eXtplorer, in
order to access to the file system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Joomla-eXtplorer-privilege-escalation-13974