Joomla! jDownloads Component Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA44607

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44607/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44607

RELEASE DATE:
2011-05-19

DESCRIPTION:
A vulnerability has been discovered in the jDownloads component for
Joomla!, which can be exploited by malicious users to compromise a
vulnerable system.

The application does not properly validate the names of uploaded
files. This can be exploited to execute arbitrary PHP code by uploading
a PHP file with an additional, allowed extension appended to its name
(e.g. "file.php.gif").

Successful exploitation requires "Manager" permissions in the backend
and that Apache is not configured to handle the mime-type for media
files with e.g. a ".jpg" or ".gif" extension. Apache evaluates every
dotted extension of a filename, so when the trailing extension has no
registered type or handler, the ".php" part of the name selects the
PHP handler and the upload is executed as a script.

The vulnerability is confirmed in version 1.8.1. Other versions may
also be affected.

SOLUTION:
Restrict access to the jdownloads directory (e.g. via .htaccess) so
that uploaded files cannot be requested, and therefore executed,
through the web server.
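
The double-extension problem described above, and a stricter name
policy for the upload, as an added example written for this page. This
is not jDownloads' own code and does not reproduce its validation,
which the advisory does not show; the extension lists, the function
names and the sample filenames are assumptions made for the example.

```php
<?php
// Added example for this advisory; not jDownloads code. It illustrates the
// double-extension problem: "file.php.gif" ends in an allowed extension, yet
// under Apache's multi-extension handling the ".php" segment can still select
// the PHP handler. The extension lists below are assumptions for the example.

const ALLOWED_EXTENSIONS = ['gif', 'jpg', 'jpeg', 'png', 'pdf', 'zip'];
const SCRIPT_EXTENSIONS  = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar'];

// Weak check: only the trailing extension is examined, so "file.php.gif" passes.
function trailingExtensionAllowed(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true);
}

// Stricter policy: the last segment must be allowed, no other segment may be a
// script extension, and the client-supplied name is never used on disk.
// Returns the name to store the file under, or null to reject the upload.
function safeStoredName(string $filename): ?string
{
    if (strpos($filename, "\0") !== false) {
        return null;                          // null-byte truncation tricks
    }
    $base = basename($filename);              // drop any path component
    if ($base === '') {
        return null;
    }
    $segments = explode('.', strtolower($base));
    if (count($segments) < 2) {
        return null;                          // no extension at all
    }
    $ext = array_pop($segments);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;                          // trailing extension not allowed
    }
    foreach ($segments as $segment) {
        if (in_array($segment, SCRIPT_EXTENSIONS, true)) {
            return null;                      // "file.php.gif", "x.phtml.jpg", ...
        }
    }
    // Fresh random name with exactly one extension: nothing in the stored name
    // can match a script handler, whatever the original filename contained.
    return bin2hex(random_bytes(8)) . '.' . $ext;
}

// Content check for images. Caveat: a polyglot ("GIF89a" followed by PHP
// code) satisfies this too, so it complements the name policy and the server
// configuration rather than replacing them.
function looksLikeImage(string $bytes): bool
{
    return @getimagesizefromstring($bytes) !== false;
}

// Constructed sample names, not taken from any real upload.
$samples = ['report.gif', 'file.php.gif', 'file.php', 'x.phtml.jpg', 'archive.zip'];
foreach ($samples as $name) {
    printf("%-14s trailing-extension check: %-6s strict policy: %s\n",
        $name,
        trailingExtensionAllowed($name) ? 'accept' : 'reject',
        safeStoredName($name) === null ? 'reject' : 'accept');
}
```

Running the script shows "file.php.gif" and "x.phtml.jpg" accepted by
the trailing-extension check and rejected by the strict policy, while
"report.gif" and "archive.zip" pass both. The name policy alone is not
the whole fix: the workaround in the SOLUTION section works at the
server instead, and denying web access to the jdownloads directory in
an .htaccess file (for example "Order deny,allow" followed by "Deny
from all" on Apache 2.2, or turning the PHP engine off for that
directory where the server configuration permits it) closes the
execution path regardless of what name an upload was given.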

PROVIDED AND/OR DISCOVERED BY:
Al-Ghamdi