Info

Disclosure

Jul 28, 2006

Discovery

Unknown

Dates

Exploit

Jul 28, 2006

Solution

Unknown

Description

JD-WordPress for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to wp-trackback.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

Open Source Matters, Inc.

JD-WordPress for Joomla

2.0-1.0 RC2

References

Bugtraq ID: 19209
CVE ID: 2006-4992 (see also: NVD)
Related OSVDB ID: 28997 28998
Vendor Specific News/Changelog Entry: http://forum.joomla.org/index.php/topic,79477.0.html
http://forum.joomla.org/index.php/topic,81064.0.html
Other Advisory URL: http://www.babilonics.com/?q=node/1802

Credit

Drago84 - Exclusive Security Italian Security

Direct URL: http://osvdb.org/28999