Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla Improper Input Validation Vulnerability (CVE-2013-5576)

Description

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

Remediation

References

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0123)

Oracle JRE CVE-2011-3563 Vulnerability (CVE-2011-3563)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0061)

MySQL CVE-2021-2058 Vulnerability (CVE-2021-2058)

WordPress Plugin Unite Gallery Lite Multiple Vulnerabilities (1.4.6)

Severity

Medium

Classification

CVE-2013-5576 CWE-20

Tags

Missing Update Known Vulnerabilities