Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability

ID SSV:19602
Type seebug
Reporter Root
Modified 2010-05-13T00:00:00


No description provided by source.

                                                A vulnerability has been discovered in the Camp26 VisitorData module for Joomla, which can be exploited by malicious people to compromise a vulnerable system.

Input passed via the "X-Forwarded-For" HTTP header is not properly sanitised before being used as a command line argument in tmpl/default.php. This can be exploited to inject arbitrary shell commands

The vulnerability is confirmed in version 1.1. Other versions may also be affected.