Patch Security hole in mmsblog joomla component
5112
$$
- Posted:
- Proposals: 2
- Remote
- #23764
- Archived
Description
Experience Level: Intermediate
I have developped a website based on JOOMLA with different components.
One of these module is MMSBLOG (http://extensions.joomla.org/extensions/core-enhancements/mobile/38).
Unfortunately, this module have a big security hole, and my website has been hacked through this hole last week ! At this time there is no update to patch this hole... however this component is really important for me because my client need to post news on the website through email with a satellite connection...
So I need to find a solution to secure this component and protect the website from hacking.
I have found this about the vulnerability of this component on the web :
DESCRIPTION: A vulnerability has been discovered in the MMS Blog component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.
Input passed to the \"controller\" parameter in index.php (when \"option\" is set to \"com_mmsblog\") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
So, I\'m searching someone would could patch the hole or find a secure solution to protect my website.
Thanks, in advance,
Eric.
One of these module is MMSBLOG (http://extensions.joomla.org/extensions/core-enhancements/mobile/38).
Unfortunately, this module have a big security hole, and my website has been hacked through this hole last week ! At this time there is no update to patch this hole... however this component is really important for me because my client need to post news on the website through email with a satellite connection...
So I need to find a solution to secure this component and protect the website from hacking.
I have found this about the vulnerability of this component on the web :
DESCRIPTION: A vulnerability has been discovered in the MMS Blog component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.
Input passed to the \"controller\" parameter in index.php (when \"option\" is set to \"com_mmsblog\") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
So, I\'m searching someone would could patch the hole or find a secure solution to protect my website.
Thanks, in advance,
Eric.
Eric P.
0% (0)Projects Completed
4
Freelancers worked with
5
Projects awarded
50%
Last project
20 Feb 2012
French Polynesia
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
There are no clarification messages.
We collect cookies to enable the proper functioning and security of our website, and to enhance your experience. By clicking on 'Accept All Cookies', you consent to the use of these cookies. You can change your 'Cookies Settings' at any time. For more information, please read ourCookie Policy
Cookie Settings
Accept All Cookies