Description
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.
References (8)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/32522
Exploit, Vendor Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/32526
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/32525
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/459203/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/32523
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/32524
Vendor Advisory x_refsource_misc
http://www.hackers.ir/advisories/festival.txt
Scores
EPSS
0.0004
EPSS Percentile
11.5%
Details
Status
published
Products (1)
joomla/joomla
1.5.0_beta
Published
Jan 19, 2007
Tracked Since
Feb 18, 2026