Description

A remote file inclusion vulnerability was reported in Joomla! core. It is possible for a remote attacker to extract a remotely hosted archive while you are extracting a backup archive or installing an update, depending on your server settings.

Affected versions: Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4.

Remediation

Upgrade to the latest version of Joomla!.

References

[20140903] - Core - Remote File Inclusion

Security update, September 2014

Related Vulnerabilities

WordPress Plugin Landing Page Builder-Lead Page-Optin Page-Squeeze Page-WordPress Landing Pages Local File Inclusion (1.4.3)

WordPress Plugin Payment Gateways Caller for WP e-Commerce Local File Inclusion (0.1)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner 'config' Parameter Local File Inclusion (3.0.3)

WordPress Plugin Easy Forms for MailChimp Local File Inclusion (6.0.5.5)

WordPress Plugin Revamp CRM for WooCommerce Local File Inclusion (1.0.3)

Severity

High

Classification

CVE-2014-7228.xml CWE-98 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

File Inclusion