Joomla! Simple File Upload Module Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA47370

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47370/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47370

RELEASE DATE:
2012-01-04
DESCRIPTION:
A vulnerability has been discovered in the Simple File Upload module
for Joomla!, which can be exploited by malicious people to compromise
a vulnerable system.

The vulnerability is caused due to the
modules/mod_simplefileuploadv1.3/helper.php script not properly
validating uploaded files, which can be exploited to execute
arbitrary PHP code by uploading a PHP file with e.g. a ".pht" file
extension.

The vulnerability is confirmed in version 1.3.5. Other versions may
also be affected.

SOLUTION:
Restrict access to the upload folder (e.g. via .htaccess).

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
Simple File Upload:
http://wasen.net/index.php?option=com_content&view=article&id=64:simple-file-upload-download&catid=40:project-simple-file-upload&Itemid=59

Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload_1.3