CVE-2008-6172
Published 2009-02-19
CVE-2008-6172: Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled…
Priority P348, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 12.28% (95.7th percentile)
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| weberr | rwcards | — | — |
No detection rules found.
Exploit-DB
Joomla! Component RWCards 3.0.11 - Local File Inclusion
exploitdb·2008-10-23
CVE-2008-6172 Joomla! Component RWCards 3.0.11 - Local File Inclusion
---
[o]------------------------------------------------------------------------------------[x]
| Local File Inclusion Vulnerability |
[o]------------------------------------------------------------------------------------[o]
| Software : RWCards 3.0.11 Component for Joomla 1.5 CMS |
| Vendor : http://www.weberr.de/ |
| Date : 23 October 2008 |
| Author : Vrs-hCk |
| Contact : d00r[at]telkom[dot]net |
[o]------------------------------------------------------------------------------------[o]
[»] Google Dork
inurl:com_rwcards
[»] Vulnerable
./components/com_rwcards/captcha/captcha_image.php
```php
// $img is taken straight from the query string, with no validation
if (!empty( $_GET['img'] ) )
    $img = $_GET['img'];
else
{
    echo 'no image file specified via &img=...';
    exit;
}
```
Nuclei
Joomla! Component RWCards 3.0.11 - Local File Inclusion
nuclei·CVSS 6.8
CVE-2008-6172 [MEDIUM] Joomla! Component RWCards 3.0.11 - Local File Inclusion
A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
Template:
```yaml
id: CVE-2008-6172

info:
  name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
  impact: |
    Successful exploitatio
```
http://secunia.com/advisories/32367
http://www.securityfocus.com/bid/31892
https://exchange.xforce.ibmcloud.com/vulnerabilities/46081
https://www.exploit-db.com/exploits/6817
Published: 2009-02-19