CVE-2009-3822 – Joomla! Component Ajax Chat 1.0 - Remote File Inclusion

https://notcve.org/view.php?id=CVE-2009-3822

PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. Vulnerabilidad de subida de archivos sin restricción en el componente Fiji Web Design Ajax Chat (com_ajaxchat) v1.0 para Joomla! permite a atacantes remotos ejecutar código PHP de su elección a través de URL en el parámetro GLOBALS[mosConfig_absolute_path] en tests/ajcuser.php. • https://www.exploit-db.com/exploits/9888 http://secunia.com/advisories/37087 http://www.packetstormsecurity.org/0910-exploits/joomlaajaxchat-rfi.txt http://www.securityfocus.com/bid/36731 http://www.vupen.com/english/advisories/2009/2968 • CWE-94: Improper Control of Generation of Code ('Code Injection') •