[VIM] Joomla Flash Image Gallery Component RFI Vulnerability

George A. Theall theall at tenablesecurity.com
Tue Oct 9 02:16:22 UTC 2007


The affected parameter in Milw0rm 4496 is wrong -- it should be 
'mosConfig_live_site' rather than 'mosConfig_absolute_path'. The 
affected file in at least version 1.0 of the component is:

                      ----- snip, snip, snip -----
<?php
include( "$mosConfig_live_site/components/com_wmtgallery/about.html" );
?>
                      ----- snip, snip, snip -----

Bugtraq 25958 appears to have the same problem with the proof-of-concept 
they provide.


George
-- 
theall at tenablesecurity.com
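
One way to check an advisory's claimed parameter against the component source, as an added example (not part of the original message, and not the component's or any vendor's code): the script lists the variables that feed each include/require path and reports whether the file carries the `_VALID_MOS` direct-access guard used by Joomla 1.0.x files. The `audit` helper, the regexes and the hardened sample are constructed for illustration.

```python
import re

# include/require(_once) statements; 'expr' captures the path expression.
INCLUDE_RE = re.compile(
    r'(?<![$\w])(?:include|require)(?:_once)?\b\s*\(?(?P<expr>[^;]*);',
    re.IGNORECASE)
VAR_RE = re.compile(r'\$\{?([A-Za-z_]\w*)')
# Direct-access guard conventionally placed at the top of Joomla 1.0.x files.
GUARD_RE = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)",
    re.IGNORECASE)

def include_variables(php_source):
    """Return (line_no, [variable names]) for each include built from variables."""
    findings = []
    for m in INCLUDE_RE.finditer(php_source):
        names = VAR_RE.findall(m.group('expr'))
        if names:
            line_no = php_source.count('\n', 0, m.start()) + 1
            findings.append((line_no, names))
    return findings

def audit(php_source, claimed_param):
    """Compare an advisory's claimed parameter with what the file includes."""
    findings = include_variables(php_source)
    used = sorted({n for _, names in findings for n in names})
    return {
        'guarded': bool(GUARD_RE.search(php_source)),
        'include_vars': used,
        'claim_matches': claimed_param in used,
    }

# The file quoted in the message above.
QUOTED = '''<?php
include( "$mosConfig_live_site/components/com_wmtgallery/about.html" );
?>
'''
# Constructed hardened variant (an assumption, not the component's actual fix).
HARDENED = """<?php
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
include( $mosConfig_absolute_path . '/components/com_wmtgallery/about.html' );
?>
"""

if __name__ == '__main__':
    print(audit(QUOTED, 'mosConfig_absolute_path'))
    print(audit(QUOTED, 'mosConfig_live_site'))
    print(audit(HARDENED, 'mosConfig_absolute_path'))
```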

