Vulnerabilities > CVE-2006-1027 - Information Disclosure vulnerability in Joomla 1.0.7

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
joomla
nessus

Summary

feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.

Vulnerable Configurations

Part Description Count
Application
Joomla
1

Nessus

NASL familyCGI abuses
NASL idJOOMLA_108.NASL
descriptionThe version of Joomla! installed on the remote web server is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose the full path information from the Joomla! installation. Note that the application is reportedly affected by additional vulnerabilities, including a denial of service vulnerability, multiple unspecified SQL injection vulnerabilities, and additional information disclosure vulnerabilities; however, Nessus has not tested for these issues.
last seen2020-06-01
modified2020-06-02
plugin id21143
published2006-03-24
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21143
titleJoomla! < 1.0.8 Information Disclosure