SECUNIA ADVISORY ID:
SA49613

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49613/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49613

RELEASE DATE:
2012-06-18

DESCRIPTION:
Sammy Forgit has discovered a vulnerability in the Maian Media component for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerability is confirmed in version 1.5.8.4. Other versions may also be affected.

SOLUTION:
Restrict access to the administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php script (e.g. via .htaccess).

PROVIDED AND/OR DISCOVERED BY:
Sammy Forgit, OpenSysCom.

ORIGINAL ADVISORY:
http://www.opensyscom.fr/Actualites/joomla-components-maian-media-arbitrary-file-upload-vulnerability.html
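
One way to apply the restriction named under SOLUTION, as an added example that is not part of the Secunia advisory or the Maian Media component: an .htaccess file placed in the administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ directory that denies every request to the upload script. It assumes an Apache server that honours .htaccess overrides for that directory.

```apache
# Added example, not from the advisory.
# Assumed location of this file:
#   administrator/components/com_maianmedia/utilities/charts/php-ofc-library/.htaccess
#
# The server configuration must permit these directives in .htaccess:
#   "Require"          needs AllowOverride AuthConfig
#   "Order" / "Deny"   need  AllowOverride Limit

<Files "ofc_upload_image.php">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 (mod_authz_core not present)
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

With the file in place, a request for ofc_upload_image.php should return 403 Forbidden. If the script still responds, the server is ignoring .htaccess for this directory (AllowOverride None), and the same `<Files>` block has to go inside a `<Directory>` section of the server or virtual-host configuration instead.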