Researcher Kasper Bertelsen warns that several vulnerabilities he discovered in the Helpdesk Pro extension for Joomla can lead to remote code execution on the servers hosting the web application.
Helpdesk Pro is a Joomla extension that lets administrators and users manage support tickets.
Websites using this plugin include eBay, Heathrow Airport, and the Supreme Court of Australia.
The vulnerabilities were discovered by Simon Rawet, Kristian Varnai, and Gregor Mynarsky, and include: direct object references, cross-site scripting, SQL injection, local file injection, path traversal, and arbitrary file upload.
"[Vulnerabilities] leave systems vulnerable to a wide variety of attack types, resulting not only in the disclosure of potentially sensitive information but also in the complete acquisition of the server with arbitrary code execution," they say.
The vulnerabilities work because the attachment download and upload services do not restrict who may retrieve files, nor which files may be retrieved.
So an attacker can, for example, download the configuration.php file, which contains sensitive information such as the database username and password and the FTP credentials.
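The two missing controls described above (an authorisation check on who may fetch an attachment, and a path check on which file is served) can be shown side by side in a small PHP handler. This is an added example written for this article, not Helpdesk Pro's or Joomla's own code; the function names, the ticket-ownership map, and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example, not Helpdesk Pro's code: a hardened attachment download
// handler with the two checks the article says were missing.
// Function names and the ticket/owner model are assumptions for the demo.

declare(strict_types=1);

/**
 * Resolve a user-supplied attachment name to an absolute path inside $baseDir.
 * Returns null if the name contains traversal, the file does not exist, or the
 * resolved path (after following symlinks) is outside $baseDir.
 */
function resolveAttachmentPath(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Only a bare file name is acceptable: no separators, no "..".
    if ($requested === '' || basename($requested) !== $requested) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Defence in depth: confirm the canonical path is below the attachments
    // directory (catches a symlink inside the directory pointing elsewhere).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

/**
 * Authorisation: a user may download an attachment only if they own the
 * ticket it belongs to, or if they are staff. $owners maps attachment => user id.
 */
function mayDownload(array $owners, string $attachment, int $userId, bool $isStaff): bool
{
    if (!array_key_exists($attachment, $owners)) {
        return false;
    }
    return $isStaff || $owners[$attachment] === $userId;
}

/** Returns the path to stream, or null (a real handler would answer 403/404). */
function serveAttachment(string $baseDir, array $owners, string $requested, int $userId, bool $isStaff): ?string
{
    if (!mayDownload($owners, $requested, $userId, $isStaff)) {
        return null;
    }
    return resolveAttachmentPath($baseDir, $requested);
}

// Constructed demo layout: an attachments directory with one file, and a
// configuration.php one level up, mimicking a Joomla install.
$root = sys_get_temp_dir() . '/hdp_demo_' . getmypid();
mkdir($root . '/attachments', 0700, true);
file_put_contents($root . '/configuration.php', '<?php // constructed secrets');
file_put_contents($root . '/attachments/ticket42.txt', 'constructed log excerpt');
$owners = ['ticket42.txt' => 7];   // attachment belongs to user 7

var_dump(serveAttachment($root . '/attachments', $owners, 'ticket42.txt', 7, false) !== null); // bool(true): owner
var_dump(serveAttachment($root . '/attachments', $owners, 'ticket42.txt', 8, false));          // NULL: not the owner
var_dump(resolveAttachmentPath($root . '/attachments', '../configuration.php'));               // NULL: traversal rejected
var_dump(resolveAttachmentPath($root . '/attachments', 'configuration.php'));                  // NULL: not in the directory

// Clean up the constructed files.
unlink($root . '/attachments/ticket42.txt');
unlink($root . '/configuration.php');
rmdir($root . '/attachments');
rmdir($root);
```

The order of the checks matters: authorisation runs first so an unauthenticated request never reaches the filesystem at all, and the path check is deliberately restrictive (a bare file name, then a canonical-path prefix comparison) rather than a blocklist of "../" strings, which is the pattern that tends to be bypassed by encoded or alternate separators.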