The BE IT EasyPartner Joomla! component is susceptible to remote file inclusion vulnerabilities.
57833b743a6ffe185998d45e4604f48b6d0e4bd777a33d2ae72fab85d36e4907
Application : BE IT EasyPartner Joomla! Component

URL : http://forge.joomla.org/sf/frs/do/viewRelease/projects.be_it_easypartner/frs.be_it_easypartnercomponent_for_j.be_it_easypartner_0_0_9_beta

Variable $mosConfig_absolute_path not sanitized: xpl works with register_globals=on

in components/com_be_it_easypartner/be_it_easypartner.ajax.php <http://forge.joomla.org/sf/frs/do/downloadFile/projects.be_it_easypartner/frs.be_it_easypartnercomponent_for_j.be_it_easypartner_0_0_9_beta/frs5972?dl=1> on line 15

require( $mosConfig_absolute_path.'/includes/joomla.php' );

Variable $mosConfig_absolute_path not sanitized: xpl works with register_globals=on

in components/libraries/MicroXml.class.php on line 55

include_once ($mosConfig_absolute_path.'/includes/domit/xml_domit_include.php');

in components/libraries/TemplateFactory.class.php on line 24

require_once ($mosConfig_absolute_path.'/includes/patTemplate/patTemplate.php');

Fix
~~~~

Add before code:
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');

vitux

#vitux.manis@gmail.com
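
An audit check for the pattern reported above, as an added example (not code from the advisory or from the component): it flags include/require statements that build their path from $mosConfig_absolute_path before any _VALID_MOS guard has run. The function names and the sample PHP strings are constructed for illustration, and the matching is line-based and heuristic.

```python
import re
from pathlib import Path

# include/require(_once) whose path is built from $mosConfig_absolute_path
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*\$mosConfig_absolute_path")
# The guard from the advisory's Fix section (also accepts || and exit)
GUARD_RE = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b")
# Whole-line comments only; a commented-out guard must not count as a guard
COMMENT_RE = re.compile(r"^\s*(?://|#|\*|/\*).*$")

def find_unguarded_includes(php_source):
    """Return [(line_number, statement)] for includes reached before a guard."""
    findings, guarded = [], False
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        code = COMMENT_RE.sub("", line)
        if GUARD_RE.search(code):
            guarded = True
        elif not guarded and INCLUDE_RE.search(code):
            findings.append((lineno, code.strip()))
    return findings

def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for hits only."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_unguarded_includes(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed samples modelled on the statements quoted in the advisory
VULNERABLE = """<?php
require( $mosConfig_absolute_path.'/includes/joomla.php' );
"""
PATCHED = """<?php
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');
require( $mosConfig_absolute_path.'/includes/joomla.php' );
"""
COMMENTED_GUARD = """<?php
// defined('_VALID_MOS') or die('Direct access to this location is not allowed.');
include_once ($mosConfig_absolute_path.'/includes/domit/xml_domit_include.php');
"""

if __name__ == "__main__":
    for src in (VULNERABLE, PATCHED, COMMENTED_GUARD):
        print(find_unguarded_includes(src))
```

A hit means the file reaches the include without the guard when requested directly; as the advisory notes, the issue then depends on register_globals=on.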