.. / CVE-2021-28377

Exploit for Joomla! ChronoForums 2.0.11 - Local File Inclusion (CVE-2021-28377)

Description:

Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.

Nuclei Template

View the template here CVE-2021-28377.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-28377.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-28377
https://herolab.usd.de/en/security-advisories/usd-2021-0007/
https://github.com/ARPSyndicate/kenzer-templates

.. / CVE-2021-28377 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Joomla! ChronoForums 2.0.11 - Local File Inclusion (CVE-2021-28377)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-28377