SECUNIA ADVISORY ID:
SA47036

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47036/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47036

RELEASE DATE:
2011-11-28

DESCRIPTION:
Ismail Kaleem has discovered a vulnerability in the Fabrik component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused by the models/importcsv.php script improperly verifying uploaded files. This can be exploited to execute arbitrary PHP code by uploading a PHP file.

Successful exploitation requires "Manager" privileges.

The vulnerability is confirmed in version 2.1. Prior versions may also be affected.

SOLUTION:
Update to version 2.1.1.

PROVIDED AND/OR DISCOVERED BY:
Ismail Kaleem via Vulnerability Research Laboratory

ORIGINAL ADVISORY:
Fabrik:
http://www.ohloh.net/p/3417/commits/145749116

Vulnerability Research Laboratory:
http://www.vulnerability-lab.com/get_content.php?id=342
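
ADDED EXAMPLE:
The following is an added illustration, not Fabrik's code and not the 2.1.1 fix: one way a CSV import handler can verify an uploaded file so that an uploaded PHP file never becomes executable on the server. The function name store_csv_upload, the 5 MiB limit and the storage directory are assumptions; random_bytes() requires PHP 7 or later.

```php
<?php
// Added example: hypothetical hardened handler for a CSV import upload.
// The function name, size cap and storage directory are assumptions.

function store_csv_upload(array $file, string $storageDir): string
{
    $tmp = $file['tmp_name'] ?? '';

    // Reject anything PHP flagged as failed, or that did not arrive via HTTP POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    if (($file['size'] ?? 0) > 5 * 1024 * 1024) { // assumed 5 MiB cap
        throw new RuntimeException('file too large');
    }

    // Allowlist the extension instead of blocklisting ".php" and its variants.
    $ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));
    if ($ext !== 'csv') {
        throw new RuntimeException('only .csv files are accepted');
    }

    // Defence in depth only: a CSV has no reason to contain a PHP open tag.
    $data = file_get_contents($tmp);
    if ($data === false
        || stripos($data, '<?php') !== false
        || strpos($data, '<?=') !== false) {
        throw new RuntimeException('file content rejected');
    }

    // Server-generated name: the client-supplied name never reaches the file
    // system, so names such as "x.php.csv" or "../x.csv" cannot influence
    // where the file lands or how the web server treats it.
    $target = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.csv';
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($target, 0600); // readable by the application user only

    return $target;
}
```

The storage directory passed in should sit outside the web root, so that a file that slips past the checks still cannot be requested and executed over HTTP.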