A vulnerability has been discovered in the Simple File Lister module for Joomla!, which can be exploited by malicious people to disclose system information.
Input passed via the "sflDir" parameter to index.php (when "option" is set to "com_content", "view" is set to "article", and "id" is set) is not properly verified in modules/mod_simplefilelisterv1.0/helper.php before being used to list files. This can be exploited to disclose the contents of arbitrary directories via directory traversal attacks.
The vulnerability is confirmed in version 1.0. Other versions may also be affected.
Vulnerable Products
Vulnerable Software: Simple File Lister 1.x (module for Joomla!)
Solution
Edit the source code to ensure that input is properly verified.
