Joomla! Remote File Upload Vulnerability And Information Disclosure Weakness Network Vulnerability

Summary

Joomla! is prone to a remote file-upload vulnerability and an information- disclosure weakness. Attackers can exploit these issues to disclosure sensitive information, or upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation other attacks are also possible. Joomla! 1.5.x versions prior to 1.5.13 are vulnerable.

Solution

The vendor has released updates to address the issues. Please see the references for more information.

References

http://developer.joomla.org/security/news/301-20090722-core-file-upload.html
http://developer.joomla.org/security/news/302-20090722-core-missing-jexec-check.html
http://www.joomla.org/
http://www.securityfocus.com/archive/1/505231
http://www.securityfocus.com/bid/35780

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Apache Tomcat Windows Installer Privilege Escalation Vulnerability
ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
Arkeia Appliance Path Traversal Vulnerability

Take action and discover your vulnerabilities