SECUNIA ADVISORY ID:
A vulnerability has been discovered in the Remository component for
Joomla! / Mambo, which can be exploited by malicious users to
compromise a vulnerable system.
The vulnerability is caused by an error in the application when
uploading thumbnails, which allows files with arbitrary extensions to
be uploaded to a folder inside the webroot. This can be exploited to
e.g. execute arbitrary PHP code by uploading a PHP file.
NOTE: The stored file name is based on the original file name and a
time stamp, which is predictable.
The vulnerability is confirmed in version 3.53.5J on Joomla!. Other
versions may also be affected.
Restrict access to the "components/com_remository_files" directory
(e.g. via .htaccess).
PROVIDED AND/OR DISCOVERED BY: