Joomla! Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA54326

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54326/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54326

RELEASE DATE:
2013-08-02

DESCRIPTION:
A vulnerability has been discovered in Joomla!, which can be
exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused by the
administrator/components/com_media/helpers/media.php script
improperly validating the extension of an uploaded file. This can be
exploited to e.g. execute arbitrary PHP code by uploading a PHP file
using a ".php." extension.

Successful exploitation requires permissions to upload files and that
the web server is configured to handle ".php." extensions as PHP
scripts.

The vulnerability is confirmed in version 3.1.4 and reported in
versions prior to 2.5.14 and 3.1.5.
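The extension-handling weakness described above, as an added illustration that is not Joomla's code and not taken from media.php: a check that only inspects the text after the final dot treats "shot.php." as having no extension, whereas a whitelist applied to every segment after trailing-dot normalisation rejects it (and, going slightly beyond the advisory, also rejects multi-extension names). The allowed and executable extension lists are constructed for the example.

```php
<?php
// Constructed lists for the illustration; a real deployment uses its own policy.
const ALLOWED_EXTENSIONS    = ['jpg', 'jpeg', 'png', 'gif'];
const EXECUTABLE_EXTENSIONS = ['php', 'phtml', 'php3', 'php5', 'phps'];

// Weak check: blacklist applied to whatever follows the last dot.
// For "shot.php." the extension is "", so nothing is blocked, even though
// a server configured to treat ".php." as PHP will still execute the file.
function weakUploadAllowed(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, EXECUTABLE_EXTENSIONS, true);
}

// Hardened check: restrict the character set, normalise trailing dots,
// then require every dot-separated segment after the base name to be
// on the whitelist. No blacklist is consulted at all.
function hardenedUploadAllowed(string $name): bool
{
    $name = basename($name);                       // drop any path component
    if ($name === '' || preg_match('/[^A-Za-z0-9._-]/', $name)) {
        return false;                              // unexpected characters
    }
    $name  = rtrim($name, '.');                    // "shot.php." -> "shot.php"
    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        return false;                              // no extension, or dotfile
    }
    array_shift($parts);                           // discard the base name
    foreach ($parts as $segment) {
        if (!in_array(strtolower($segment), ALLOWED_EXTENSIONS, true)) {
            return false;                          // e.g. "php" in "shot.php.jpg"
        }
    }
    return true;
}

// Side-by-side comparison on constructed file names.
$samples = ['photo.jpg', 'shot.php', 'shot.php.', 'shot.PHP.', 'shot.php.jpg', '.htaccess'];
printf("%-14s %-6s %-9s\n", 'name', 'weak', 'hardened');
foreach ($samples as $sample) {
    printf("%-14s %-6s %-9s\n",
        $sample,
        weakUploadAllowed($sample) ? 'allow' : 'reject',
        hardenedUploadAllowed($sample) ? 'allow' : 'reject');
}
```

Run with `php example.php`; the weak column allows "shot.php." and "shot.php.jpg", the hardened column allows only "photo.jpg".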

SOLUTION:
Update to version 2.5.14 or 3.1.5.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Jens Hinrichsen.

ORIGINAL ADVISORY:
http://www.joomla.org/announcements/release-news/5506-joomla-2-5-14-released.html
http://www.joomla.org/announcements/release-news/5505-joomla-3-1-5-stable-released.html
http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads
