Mambo CropImage Component Remote File Include Vulnerability


Mambo CropImage Component Remote File Include Vulnerability

Post by smart » Mon Aug 21, 2006 6:11 am

Bugtraq ID:  19605
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Aug 19 2006 12:00AM
Updated: Aug 19 2006 12:00AM
Credit: Discovery is credited to [email protected].
Vulnerable: CropImage CropImage 1.0 beta


#Fix:
1) Open admin.cropcanvas.php
2) Add this code before line 7:

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

Read more:
http://www.securityfocus.com/archive/1/443762
http://www.securityfocus.com/bid/19605/info
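A check an administrator could run over a component directory to find PHP files that reach an include/require without the `_VALID_MOS` guard quoted in the fix above. This is an added example, not part of the original thread or the CropImage code, and it generalizes the post's "before line 7" to "before the first include/require"; the sample sources, `$base_dir` and the file names are constructed, and the comment stripping is a heuristic that does not parse string literals.

```python
import re
from pathlib import Path

# The guard from the post: defined( '_VALID_MOS' ) or die( ... );
GUARD = re.compile(r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b", re.I)
# Heuristic comment stripper: it does not understand string literals.
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def audit_source(src):
    """Return (status, line): 'ok', 'late' (include before guard) or 'missing'."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    code = COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), src)
    guard = first_include = None
    for n, line in enumerate(code.splitlines(), 1):
        if guard is None and GUARD.search(line):
            guard = n
        if first_include is None and INCLUDE.search(line):
            first_include = n
    if guard is None:
        return ("missing", first_include)
    if first_include is not None and first_include < guard:
        return ("late", first_include)
    return ("ok", guard)

def audit_tree(root):
    """Audit every .php file under root; return {path: (status, line)} for findings."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        result = audit_source(path.read_text(errors="replace"))
        if result[0] != "ok":
            findings[str(path)] = result
    return findings

# Constructed samples (not the component's real source; $base_dir is a made-up name).
GUARDED = """<?php
/** admin file */
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
require_once( $base_dir . '/lib/example.php' );
"""
UNGUARDED = """<?php
// defined( '_VALID_MOS' ) or die( 'commented out' );
require_once( $base_dir . '/lib/example.php' );
"""
LATE = UNGUARDED + "defined( '_VALID_MOS' ) or die( 'too late' );\n"

if __name__ == "__main__":
    for name, src in (("guarded", GUARDED), ("unguarded", UNGUARDED), ("late", LATE)):
        print(name, audit_source(src))
```

`audit_tree()` takes the path of an unpacked component directory and returns only the files that need attention.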


Re: Mambo CropImage Component Remote File Include Vulnerability

Post by infograf768 » Mon Aug 21, 2006 6:34 am

FYI Cropimage is an abandoned project.
Last release was a beta for 451 in January 2005.

Only place to find it is on P.Lamont's private site Mamboxchange.
Jean-Marie Simonet / infograf