CVE-2008-6222
published 2009-02-20CVE-2008-6222: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary…
PriorityP337medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
11.50%
95.5th percentile
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlashowroom | pro_desk_support_center | — | — |
| joomlashowroom | pro_desk_support_center | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component ProDesk 1.5 - Local File Inclusion
exploitdb·2010-11-08
CVE-2008-6222 Joomla! Component ProDesk 1.5 - Local File Inclusion
Joomla! Component ProDesk 1.5 - Local File Inclusion
---
[~]-------------------------------------------------------------------------------------------------------
[~] Joomla Component ProDesk v 1.5 (com_pro_desk&include_file) Local File Inclusion
[~]
[~] http://joomlashowroom.com
[~]
[~] Price - $ 49.99
[~] ----------------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 7.11.2010
[~]
[~] http://security-sh3ll.blogspot.com | http://twitter.com/securityshell
[~]
[~] -----------------------------------------------------------------------------------------------------
[~] Poc :-
[~]
[~] http://site.com/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd
[~]
[~] Note :-
[~]
[~] Need
Exploit-DB
Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
exploitdb·2008-11-04
CVE-2008-6222 Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
---
[~]-------------------------------------------------------------------------------------------------------
[~] Joomla Component ProDesk v 1.0 AND 1.2 (com_pro_desk&include_file) Local File Inclusion Vulnerability
[~]
[~] http://joomlashowroom.com/index.php/Pro-Desk-Support-Center/Pro-Desk-Support-Center.html
[~]
[~]
[~] ----------------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 4.11.2008
[~]
[~]
[~] [email protected] http://security-sh3ll.com
[~]
[~] -----------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum
Nuclei
Joomla! ProDesk 1.0/1.2 - Local File Inclusion
nuclei·CVSS 5.0
CVE-2008-6222 [MEDIUM] Joomla! ProDesk 1.0/1.2 - Local File Inclusion
Joomla! ProDesk 1.0/1.2 - Local File Inclusion
Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
Template:
id: CVE-2008-6222
info:
name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion
author: daffainfo
severity: medium
description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
remediation: |
Apply the latest security patches or upgrade to a patched version of Joomla! Pr
http://secunia.com/advisories/32523http://www.securityfocus.com/bid/32113https://exchange.xforce.ibmcloud.com/vulnerabilities/46356https://www.exploit-db.com/exploits/6980http://secunia.com/advisories/32523http://www.securityfocus.com/bid/32113https://exchange.xforce.ibmcloud.com/vulnerabilities/46356https://www.exploit-db.com/exploits/6980
2009-02-20
Published