Synopsis
The remote web server contains a PHP application that is affected by a local file include vulnerability.
Description
The version of the JCE Admin component for Joomla! running on the remote host is affected by a local file include vulnerability because user-supplied input to the 'plugin' parameter is not properly sanitized before the components/com_jce/jce.php script uses it to include PHP code. Regardless of the PHP 'register_globals' setting, an unauthenticated, remote attacker can exploit this issue to disclose arbitrary files or execute arbitrary PHP code on the remote host, subject to the privileges of the web server user ID.
The component is reportedly also affected by multiple cross-site scripting vulnerabilities involving other parameters to the same script, as well as an additional local file include vulnerability; however, Nessus has not checked for these.
Solution
Unknown at this time.
Plugin Details
File Name: com_jce_file_includes.nasl
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:joomla:joomla%5c%21
Required KB Items: www/PHP, installed_sw/Joomla!
Exploit Ease: Exploits are available
Exploited by Nessus: true
Vulnerability Publication Date: 12/8/2006
Reference Information
CVE: CVE-2006-6419
BID: 21491
CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990