SECUNIA ADVISORY ID:
Salvatore Fresta has discovered some vulnerabilities in the
cgTestimonial component for Joomla!, which can be exploited by
malicious users and malicious people to compromise a vulnerable
system and by malicious people to conduct cross-site scripting
attacks.
1) Input passed to the "url" parameter in
components/com_cgtestimonial/video.php is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in the
context of an affected site.
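The following is an added example, not code from the cgTestimonial
component. It assumes that video.php reflects the "url" parameter into
an HTML attribute (the src of an embedded player), which is the pattern
that lets a value such as "><script>...</script> break out of the
attribute. The function names and the host allowlist are this
example's own; the hardened version validates the URL before use and
HTML-encodes it on output.

```php
<?php
// Added example: reflected XSS via a URL parameter and the hardened form.
// Not the component's code; assumes the value is written into a src attribute.

// Vulnerable pattern: the raw request value is concatenated into markup.
function render_video_unsafe(string $url): string
{
    return '<iframe src="' . $url . '" width="425" height="344"></iframe>';
}

// Accept only absolute http(s) URLs to an expected embed host; null means reject.
function sanitize_video_url(string $url): ?string
{
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;                       // blocks javascript:, data:, vbscript: ...
    }
    // Assumed allowlist of players the site actually embeds.
    $allowedHosts = ['www.youtube.com', 'youtube.com', 'player.vimeo.com'];
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return null;
    }
    return $url;
}

// Hardened: validate, then encode for the attribute context. ENT_QUOTES
// encodes both " and ', so the value cannot terminate the attribute.
function render_video_safe(string $url): string
{
    $clean = sanitize_video_url($url);
    if ($clean === null) {
        return '<p>Invalid video URL.</p>';
    }
    $attr = htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<iframe src="' . $attr . '" width="425" height="344"></iframe>';
}

// Constructed payload of the kind the advisory describes.
$payload = '"><script>alert(1)</script>';
echo render_video_unsafe($payload), PHP_EOL;   // script tag lands in the page
echo render_video_safe($payload), PHP_EOL;     // rejected: no scheme or host
echo render_video_safe('https://www.youtube.com/embed/abc?t="1'), PHP_EOL; // quote encoded
```

Validation and encoding are separate controls: the allowlist decides
what may be embedded at all, and htmlspecialchars() guarantees that
whatever passes cannot change the surrounding HTML. Encoding alone
would still permit a javascript: URL in the src attribute.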
2) An error in the components/com_cgtestimonial/cgtestimonial.php
script allows upload of files with arbitrary extensions to a folder
inside the web root. This can be exploited to execute arbitrary PHP
code by uploading a PHP file with e.g. an "image/jpg" content type.
3) An error in the
allows upload of files with arbitrary extensions to a folder inside
the web root. This can be exploited to execute arbitrary PHP code by
uploading a PHP file with e.g. an "image/jpg" content type.
Successful exploitation of this vulnerability requires "Public
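The following is an added example, not code from the cgTestimonial
component, illustrating issues 2 and 3. It shows why a check on the
client-supplied content type does not stop a PHP upload and what a
server-side check looks like. Function names, the allowlist and the
sample files are this example's own assumptions.

```php
<?php
// Added example: content-type-only upload check versus server-side validation.
// Not the component's code; function names and allowlist are assumptions.

// Vulnerable pattern: $_FILES[...]['type'] is sent by the client, so the
// attacker uploads shell.php with "Content-Type: image/jpg" and passes.
function check_upload_unsafe(string $clientName, string $clientType): bool
{
    return in_array($clientType, ['image/jpeg', 'image/jpg', 'image/png', 'image/gif'], true);
}

// Hardened check: extension allowlist, MIME type detected from the bytes,
// and a decode test. Returns the extension to store under, or null.
function check_upload_safe(string $tmpPath, string $clientName): ?string
{
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                'png' => 'image/png', 'gif' => 'image/gif'];
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;                       // .php, .phtml, .phar never reach the web root
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected !== $allowed[$ext]) {
        return null;                       // bytes disagree with the claimed type
    }
    if (@getimagesize($tmpPath) === false) {
        return null;                       // must at least parse as an image header
    }
    return $ext;
}

// Storage step for a real request handler: server-generated name and a
// fixed extension, so neither the filename nor the extension is user-controlled.
function store_upload(array $file, string $dir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = check_upload_safe($file['tmp_name'], $file['name']);
    if ($ext === null) {
        return null;
    }
    $dest = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Offline demonstration with constructed files: a PHP web shell and a 1x1 GIF.
$phpShell = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($phpShell, "<?php system(\$_GET['c']); ?>");
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));

var_dump(check_upload_unsafe('shell.php', 'image/jpg'));   // bool(true): accepted
var_dump(check_upload_safe($phpShell, 'shell.php'));       // NULL: extension rejected
var_dump(check_upload_safe($phpShell, 'shell.jpg'));       // NULL: finfo reports text/x-php
var_dump(check_upload_safe($gif, 'pixel.gif'));            // string(3) "gif"

unlink($phpShell);
unlink($gif);
```

The decode test does not defeat a polyglot file that is both a valid
image and PHP source; what keeps such a file from running is that it
is stored under an image extension the web server does not hand to
the PHP interpreter, together with the directory restriction given in
the solution (for example, denying *.php or disabling the PHP engine
in an .htaccess inside user_images).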
The vulnerabilities are confirmed in version 1.0. Other versions may
also be affected.
Edit the source code to ensure that input is properly sanitised.
Restrict access to the components/com_cgtestimonial/user_images
directory (e.g. via .htaccess) so that uploaded files cannot be
executed as PHP.
PROVIDED AND/OR DISCOVERED BY:
Salvatore Fresta aka Drosophila