CVE-2008-2990

Description

PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.

Affected products

• Joomla! / com_facileforms1.4.4 – 1.4.4
• Joomla! / Joomla!
• Mambo / com_facileforms1.4.4 – 1.4.4

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43290
• MISChttp://www.securityfocus.com/bid/29904
• MISChttp://securityreason.com/securityalert/3967
• EXPLOIThttps://www.exploit-db.com/exploits/5915