Description
A remote file inclusion vulnerability was reported in Joomla! core. It is possible for a remote attacker to extract a remotely hosted archive while you are extracting a backup archive or installing an update, depending on your server settings.
Affected versions:
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4.
Remediation
Upgrade to the latest version of Joomla!.
References
Related Vulnerabilities
WordPress Plugin CIP4 Folder Download Widget Local File Inclusion (1.10)
WordPress Plugin Ajax Pagination (twitter Style) Local File Inclusion (1.1)
Drupal Core 5.x Local File Inclusion (5.0 - 5.15)
WordPress Plugin Site Import Remote File Inclusion (1.0.1)
WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)