Published: 08/06/2007 Updated: 15/11/2008

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote malicious users to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
joomla jd-wiki 1.0.2

source: wwwsecurityfocuscom/bid/24342/info JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process This may allow ...

source: wwwsecurityfocuscom/bid/24342/info JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process This may allo ...

CWE-94 http://www.securityfocus.com/bid/24342 http://osvdb.org/37473 http://osvdb.org/37472 https://nvd.nist.gov https://www.exploit-db.com/exploits/30157/

CVE-2007-3130

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect