Joomla! JCE Component Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA43418

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43418/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43418

RELEASE DATE:
2011-03-06

DESCRIPTION:
Vertical Pigeon has reported a vulnerability in the JCE component for
Joomla!, which can be exploited by malicious users to compromise a
vulnerable system.

The vulnerability is caused by the application allowing arbitrary
files to be uploaded to a folder inside the web root. This can be
exploited, for example, to upload and execute arbitrary PHP files.

The vulnerability is reported in versions prior to 1.5.7.7.

SOLUTION:
Update to version 1.5.7.7.
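
Updating addresses the upload flaw; files already sitting in an upload folder inside the web root are a separate check. The following is an added example, not part of the Secunia advisory or of JCE, that audits such a folder for files a server may execute as PHP. The extension list, reason labels and function names are assumptions, and the sample files are constructed.

```python
import tempfile
from pathlib import Path

# Assumption: extensions commonly mapped to the PHP handler; match to the server's config.
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}
SNIFF_BYTES = 64 * 1024  # how much of each file is inspected for a PHP open tag


def classify(path):
    """Return the reasons a file in an upload folder looks server-executable."""
    reasons = []
    parts = path.name.lower().split(".")[1:]
    if parts and parts[-1] in PHP_EXTS:
        reasons.append("php-extension")
    elif any(p in PHP_EXTS for p in parts[:-1]):
        # e.g. name.php.jpg, which some handler configurations still execute
        reasons.append("embedded-php-extension")
    with path.open("rb") as fh:
        if b"<?php" in fh.read(SNIFF_BYTES).lower():
            reasons.append("php-open-tag")
    return reasons


def audit(upload_root):
    """Map relative path -> reasons for every flagged file under upload_root."""
    findings = {}
    for path in sorted(Path(upload_root).rglob("*")):
        if path.is_file() and (reasons := classify(path)):
            findings[path.relative_to(upload_root).as_posix()] = reasons
    return findings


def demo():
    """Audit a constructed upload folder (sample files built here, not real data)."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "avatar.php": b"<?php echo 1; ?>",
        "banner.php.jpg": b"\xff\xd8\xff\xe0 image bytes",
        "logo.gif": b"GIF89a<?php echo 1; ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return audit(root)


if __name__ == "__main__":
    print(demo())
```

A hit on content alone (php-open-tag) is a heuristic and needs manual review before a file is removed.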

PROVIDED AND/OR DISCOVERED BY:
Vertical Pigeon

ORIGINAL ADVISORY:
JCE:
http://www.joomlacontenteditor.net/news/item/jce-1577-released

Vertical Pigeon:
http://verticalpigeon.com/joomla/security/JCE/Joomla-JCE-Vulnerable-arbirary-file-upload