Researcher Kasper Bertelsen warns that several vulnerabilities discovered in Helpdesk Pro for Joomla can lead to remote code execution on the servers hosting the web application.
Helpdesk Pro is a Joomla extension that lets administrators and users manage support tickets.
Websites that use this extension include eBay, Heathrow Airport, and the Australian Supreme Court.
The vulnerabilities were discovered by Simon Rawet, Kristian Varnai, and Gregor Mynarsky, and include insecure direct object references, cross-site scripting, SQL injection, local file inclusion, path traversal, and arbitrary file upload.
"[Vulnerabilities] leave systems vulnerable to a wide variety of attack types, resulting in the disclosure of potentially sensitive information, but also in the complete acquisition of the server with arbitrary code execution," they report.
The vulnerabilities exist because the attachment download and upload functions do not restrict which files a user can retrieve: the requested file name is not confined to the attachment directory.
So an attacker can download the configuration.php file, for example, which contains sensitive information such as usernames, database passwords, and FTP credentials.
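The missing control is a download handler that confines every request to the attachment directory. The following is an added PHP example, not Helpdesk Pro's or Joomla's own code; the attachment directory path is an assumption, and the real extension's layout is not described on this page.

```php
<?php
// Added example (not from Helpdesk Pro): serve ticket attachments only from
// a dedicated directory, so a request such as "../../configuration.php"
// cannot reach files outside it.

// Assumed location; adjust to the site's real attachment directory.
define('ATTACHMENT_DIR', __DIR__ . '/media/helpdesk_attachments');

/**
 * Resolve a user-supplied attachment name to a file inside ATTACHMENT_DIR.
 * Returns null when the name escapes the directory or the file does not exist.
 */
function resolveAttachmentPath(string $requested): ?string
{
    $base = realpath(ATTACHMENT_DIR);
    if ($base === false) {
        return null; // directory misconfigured: fail closed
    }
    // Honour only the final path component; any directory part is dropped.
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($candidate === false) {
        return null; // no such file
    }
    // realpath() resolves symlinks, so a link planted inside the directory
    // cannot point outside it either; verify the prefix as a second check.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

function serveAttachment(string $requested): void
{
    $path = resolveAttachmentPath($requested);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Traversal and symlink escapes now yield 404; real attachments are served.
serveAttachment($_GET['file'] ?? '');
```

Path confinement alone does not address the insecure direct object reference also listed above; the handler should additionally verify that the requesting user is allowed to see the ticket the attachment belongs to before calling serveAttachment().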