
Joomla! cgTestimonial Component Cross-Site Scripting and Arbitrary File Upload

August 25th, 2010

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: cgTestimonial Component
Bug Type: Cross Site Scripting and File Upload
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to the components/com_cgtestimonial/user_images directory (e.g. via .htaccess).
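
One way to apply the .htaccess restriction mentioned above, as an added example that is not part of the original advisory or the component's own code. It assumes Apache 2.4 with mod_authz_core, an AllowOverride setting that permits these directives, and that the directory only needs to serve JPEG, PNG and GIF images:

```apache
# .htaccess placed in components/com_cgtestimonial/user_images
# Added example. Assumption: this directory only serves static images.

# No directory listings and no CGI execution from the upload directory.
Options -Indexes -ExecCGI

# Remove handler and type mappings that would run uploaded files as scripts.
RemoveHandler .php .phtml .php3 .php4 .php5 .phps .pl .py .cgi .sh
RemoveType .php .phtml .php3 .php4 .php5 .phps .pl .py .cgi .sh

# With mod_php loaded, switch the interpreter off for this directory.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Deny every request by default ...
Require all denied

# ... and allow only single-extension image names, so a file such as
# name.php.jpg is refused along with name.php.
<FilesMatch "(?i)^[^.]+\.(jpe?g|png|gif)$">
    Require all granted
</FilesMatch>
```

Legitimate image names containing more than one dot are also refused by this pattern, so existing files may need renaming. This limits what an uploaded file can do once stored; it does not replace fixing the input handling in the component.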
