SOBI2's admin panel does not check that requests arrive via POST, nor does it require a nonce, so its administrative actions can be triggered by a forged cross-site request.
Successful exploitation requires a site administrator to visit a malicious URL while logged in to the Joomla! backend.
In this case the file that gets overwritten is components/com_sobi2/templates/default/sobi2.details.tmpl.php
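The two missing controls named above (a request-method check and a per-session nonce) are small to add. The following is an added illustration of that hardening, written for this page and not taken from SOBI2 or Joomla!; the handler name save_template(), the session key csrf_token, the ALLOWED_TEMPLATES list and the request-parameter names are assumptions for the example, while the template path is the one the advisory names.

```php
<?php
// Added example (not SOBI2's or Joomla!'s code): an admin "save template"
// handler carrying the two checks the advisory reports as missing.
// save_template(), the 'csrf_token' session key, ALLOWED_TEMPLATES and the
// 'template'/'content' parameter names are assumptions for illustration.

session_start();

// Issue one token per session. The admin form embeds it as a hidden field:
//   <input type="hidden" name="csrf_token"
//          value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept only a POST that carries the session's token.
// A link or image tag loaded by an authenticated admin arrives as a GET with
// no token and fails the first check; a forged cross-site form post has no way
// to read the token out of the victim's session and fails the second.
function check_request(array $server, array $post, array $session): bool {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // hash_equals() is a constant-time string comparison (PHP >= 5.6).
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Confine writes to known template names inside the template directory, so a
// request that passes the checks above still cannot name an arbitrary path.
const TEMPLATE_DIR = __DIR__ . '/components/com_sobi2/templates/default';
const ALLOWED_TEMPLATES = ['sobi2.details.tmpl.php'];   // assumed allow-list

function save_template(array $post): string {
    $name = basename((string)($post['template'] ?? ''));
    if (!in_array($name, ALLOWED_TEMPLATES, true)) {
        http_response_code(400);
        return 'unknown template';
    }
    $written = file_put_contents(
        TEMPLATE_DIR . '/' . $name,
        (string)($post['content'] ?? ''),
        LOCK_EX
    );
    return $written === false ? 'write failed' : 'saved';
}

// Entry point when served over HTTP: reject before touching the filesystem.
if (PHP_SAPI !== 'cli') {
    if (!check_request($_SERVER, $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid request: a POST carrying the session token is required.');
    }
    echo save_template($_POST);
}
```

Joomla! 1.5 already ships the equivalent pair for component authors: JHTML::_('form.token') emits the hidden field and JRequest::checkToken() validates it on the receiving end, so a component normally does not need its own token code; the point of the example is to show the method check and the token check as two separate controls, each of which on its own stops the scenario described in the advisory.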
- Vulnerabilities Discovered: 1 October 2010
- Vendor Notified: 1 October 2010
- Vendor Response: 1 October 2010
- Update Available: 4 October 2010
- Disclosure: 4 October 2010
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.