Joomla! Maian Media Component Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA49613

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49613/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49613

RELEASE DATE:
2012-06-18

DESCRIPTION:
Sammy Forgit has discovered a vulnerability in the Maian Media
component for Joomla!, which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused by the
administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php
script allowing the upload of files with arbitrary extensions to a
folder inside the webroot. This can be exploited to execute arbitrary
PHP code by uploading a malicious PHP script.

The vulnerability is confirmed in version 1.5.8.4. Other versions may
also be affected.

SOLUTION:
Restrict access to the
administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php
script (e.g. via .htaccess).
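
One way to write that restriction, as an added example that is not part of the Secunia advisory or the vendor's code. It assumes Apache with AllowOverride permitting access-control directives in .htaccess, and the address 192.0.2.10 is a constructed placeholder.

```apache
# Save as .htaccess in:
#   administrator/components/com_maianmedia/utilities/charts/php-ofc-library/
# Refuses every HTTP request for the upload script named in the advisory.
<Files "ofc_upload_image.php">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
        # To leave the script reachable from a single trusted admin host,
        # use this line instead of the one above (placeholder address):
        # Require ip 192.0.2.10
    </IfModule>
    # Apache 2.2 (mod_authz_core not present)
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>
```

After deploying, request the script's URL and confirm the server answers 403 Forbidden. If it does not, .htaccess overrides are probably disabled for that directory and the same `<Files>` block belongs in the virtual host configuration instead.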

PROVIDED AND/OR DISCOVERED BY:
Sammy Forgit, OpenSysCom.

ORIGINAL ADVISORY:
http://www.opensyscom.fr/Actualites/joomla-components-maian-media-arbitrary-file-upload-vulnerability.html