Summary
Joomla! is prone to a remote file-upload vulnerability and an information-disclosure weakness.
Attackers can exploit these issues to disclose sensitive information, or to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Joomla! 1.5.x versions prior to 1.5.13 are vulnerable.
Solution
The vendor has released updates to address the issues. Please see the references for more information.
References
Severity
Classification
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Apache Tomcat Windows Installer Privilege Escalation Vulnerability
- ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
- Arkeia Appliance Path Traversal Vulnerability