Kasper Bertelsen warns that several vulnerabilities he discovered in Joomla's Helpdesk Pro can lead to remote code execution on hosts running the web application.
Helpdesk Pro is a Joomla extension that lets administrators and users handle support tickets.
Websites that use this plugin include eBay, Heathrow Airport, and the Supreme Court of Australia.
The vulnerabilities were discovered by Simon Rawet, Kristian Varnai, and Gregor Mynarsky, and include direct object references, cross-site scripting, SQL injection, local file inclusion, and arbitrary file upload.
"[Vulnerabilities] leave systems vulnerable to a wide variety of attack types, resulting in the disclosure of potentially sensitive information, but also in the complete takeover of the server with arbitrary code execution," they report.
The vulnerabilities arise because the attachment download and upload services do not restrict which files a requester may download.
So an attacker can download the configuration.php file, for example, which contains sensitive information such as usernames, database passwords, and FTP credentials.
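As an added illustration (not Helpdesk Pro's own code), a download handler that serves whatever path it is given, beside a hardened version that confines requests to a fixed attachments directory and checks ticket ownership first; the directory path, parameter and function names are assumptions.

```php
<?php
// Added example, not code from the Helpdesk Pro extension. Directory, function
// and parameter names are assumed for illustration.

const ATTACHMENT_DIR = '/var/www/html/media/helpdesk/attachments';

// Weak: the requested name is appended to the base directory without
// canonicalisation, so a name containing ".." segments can leave the directory,
// and nothing checks whether the requester may see this ticket at all.
function weakResolve(string $requested): string
{
    return ATTACHMENT_DIR . '/' . $requested;
}

// Hardened: canonicalise, then require the result to sit strictly below the
// attachments directory. realpath() returns false for non-existent paths, so
// both failure modes collapse to null.
function safeResolve(string $requested): ?string
{
    $base = realpath(ATTACHMENT_DIR);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . '/' . $requested);
    if ($path === false) {
        return null;
    }
    // Compare with a trailing separator so a sibling such as
    // ".../attachments-old" is not accepted as a prefix match.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// $ownerCheck is an assumed callback that returns true only if the current
// user owns (or is allowed to view) the ticket the attachment belongs to.
function serveAttachment(string $requested, int $ticketId, callable $ownerCheck): void
{
    if (!$ownerCheck($ticketId)) {
        http_response_code(403);
        exit;
    }
    $path = safeResolve($requested);
    if ($path === null || !is_file($path)) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
}
```

The ownership check addresses the direct object reference problem, and the realpath prefix test addresses the unrestricted download; both are needed, since a confined path still leaks other users' attachments without the first check.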