Joomla JomSocial 2.6 Code Execution

Summary

JomSocial is prone to a remote PHP code execution Vulnerability

Impact

Successful exploits will allow remote attackers to execute arbitrary commands within the context of the webserver.

Solution

Updates are available

Affected

Joomla JomSocial component version 2.6

Detection

Try to execute the phpinfo() command by using a special crafted HTTP POST request

References

http://www.jomsocial.com/blog/hot-fix-3-1-0-4

Updated on 2015-03-25

Severity

High Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities