Description

A remote file inclusion vulnerability was reported in Joomla! core. It is possible for a remote attacker to extract a remotely hosted archive while you are extracting a backup archive or installing an update, depending on your server settings.

Affected versions: Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4.

Remediation

Upgrade to the latest version of Joomla!.

References

[20140903] - Core - Remote File Inclusion

Security update, September 2014

Related Vulnerabilities

WordPress Plugin WP Image Zoom Local File Inclusion (1.46)

WordPress Plugin Really Simple Guest Post Local File Inclusion (1.0.6)

WordPress Plugin NextGEN Gallery-WordPress Gallery Local File Inclusion (2.1.7)

Limited Remote File Read/Include in Jira Software Server

WordPress Plugin BackWPup Multiple Local File Include Vulnerabilities (1.5.2)

Severity

High

Classification

CVE-2014-7228.xml CWE-98 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

File Inclusion