Description
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.
Remediation
References
Related Vulnerabilities
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2023-0216)
WordPress Plugin LB Mixed Slideshow 'upload.php' Arbitrary File Upload (1.0)
WordPress Plugin Lightweight Sidebar Manager Cross-Site Request Forgery (1.1.4)
Joomla Improper Input Validation Vulnerability (CVE-2011-2892)
Python Integer Overflow or Wraparound Vulnerability (CVE-2008-3144)