Joomla Restaurante Component File Upload Vulnerability

SECUNIA ADVISORY ID:
SA26756

VERIFY ADVISORY:
http://secunia.com/advisories/26756/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Restaurante 1.x (component for Joomla)
http://secunia.com/product/15703/

DESCRIPTION:
cold z3ro has reported a vulnerability in the Restaurante component
for Joomla, which can be exploited by malicious people to compromise
a vulnerable system.

The "Image and Upload and Thumbnail creation" feature
(index.php?option=com_restaurante&task=upload) does not properly
restrict uploaded files. This can be exploited to e.g. execute
arbitrary PHP code by uploading malicious files.
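
One way to check web server access logs for requests to the upload task named above, as an added example that is not part of the advisory or the component's code. It assumes the combined log format; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_restaurante_upload(target):
    """True if the request target selects option=com_restaurante and task=upload."""
    # parse_qs percent-decodes values, so com%5Frestaurante is caught as well.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    # Values are compared case-insensitively and in any parameter order
    # (a deliberately conservative match for triage).
    option = {v.lower() for v in query.get("option", [])}
    task = {v.lower() for v in query.get("task", [])}
    return "com_restaurante" in option and "upload" in task

def find_upload_requests(lines):
    """Return {client_ip: [(time, method, status), ...]} for upload-task requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_restaurante_upload(m["target"]):
            hits[m["ip"]].append((m["time"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Sep/2007:10:12:01 +0000] '
    '"POST /index.php?option=com_restaurante&task=upload HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [10/Sep/2007:10:12:09 +0000] '
    '"POST /index.php?task=upload&option=com%5Frestaurante HTTP/1.1" 200 498 "-" "-"',
    '203.0.113.20 - - [10/Sep/2007:10:13:30 +0000] '
    '"GET /index.php?option=com_restaurante&task=view&id=3 HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.20 - - [10/Sep/2007:10:14:02 +0000] '
    '"GET /index.php?option=com_content&task=upload HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for ip, requests in find_upload_requests(SAMPLE_LOG).items():
        print(ip, requests)
```

A hit shows only that the upload task was requested, so it is a starting point for reviewing what was stored on disk. Parameters sent in a POST body do not appear in access logs, so an empty result does not prove the feature was never reached.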

SOLUTION:
Update to the latest version.
http://detodo.masde50.net/index.php?option=com_remository&Itemid=27&func=fileinfo&id=99

PROVIDED AND/OR DISCOVERED BY:
cold z3ro

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/4383