Vulnerabilities > CVE-2006-1027 - Unspecified vulnerability in Joomla 1.0.7
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN joomla
nessus
Summary
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | JOOMLA_108.NASL |
| description | The version of Joomla! installed on the remote web server is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose the full path information from the Joomla! installation. Note that the application is reportedly affected by additional vulnerabilities, including a denial of service vulnerability, multiple unspecified SQL injection vulnerabilities, and additional information disclosure vulnerabilities; however, Nessus has not tested for these issues. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21143 |
| published | 2006-03-24 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/21143 |
| title | Joomla! < 1.0.8 Information Disclosure |