Comments on: Joomla Xplorer Security Issue Identified and Solved

By: Radek

Radek — Thu, 27 Aug 2009 05:13:15 +0000

Hi. This patch solve nothing. If I can acces to /administrator/components/com_joomlaxplorer/.config/conf.php with JoomlaXplorer, I can chage modified file conf.php to original conf.php and will get acces to webroot again!

By: NQ. Trung

NQ. Trung — Mon, 18 Aug 2008 09:21:37 +0000

Hi!
I think, this solution only prevent user in a website can not access root directoy. But, if my server hosted for some website, and they have own admin account, so it’s very dangerous if they install another themself on their website and access to others in htdocs.
So, I need a solution to prevent them install or I can control their install JoomlaXplorer component.
Thanks!

By: nvthoan

nvthoan — Fri, 11 Jul 2008 08:42:46 +0000

Hi,

I still have this security problem with JoomlaExplorer.
Have you found any solution to limit other access htdocs’s other directories.

TKS

NV.Thoan

By: joomla tutorial

joomla tutorial — Sun, 08 Jun 2008 10:21:12 +0000

Thanks for the tip, will work wonders for my joomla tutorial service

By: Jack

Jack — Thu, 17 Apr 2008 02:59:03 +0000

What if the users install another instance of the JoomlaXplorer component?

If JoomlaXplorer lets the users get access to the root directory, any malicious component could also get access as well.

Does this mean, not giving them access to the Joomla Administrator account? Just giving them author or editor rights…

By: magdalena

magdalena — Tue, 13 Nov 2007 11:30:17 +0000

Many thanks for this solution!! It helped me a lot.