Vigil@nce - Joomla com_joomdoc: information disclosure via path
June 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the path parameter of Joomla com_joomdoc, in
order to obtain sensitive information.
Impacted products: Joomla Extensions not comprehensive.
Severity: 1/4.
Creation date: 09/06/2016.
DESCRIPTION OF THE VULNERABILITY
The com_joomdoc extension can be installed on Joomla.
However, an attacker can alter the "path" parameter in order to
discover the full path related to this product.
An attacker can therefore use the path parameter of Joomla
com_joomdoc, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Joomla-com-joomdoc-information-disclosure-via-path-19854