Joomla! JomSocial remote code execution

Description

JomSocial is a social networking component for Joomla!. Matias Fontanini reported a remote code execution vulnerability in the JomSocial component affecting versions prior to 3.1.0.1.

The vulnerability is located in the "photos" controller, "ajaxUploadAvatar" task. The request parameters parsed by the "Azrul" plugin are not properly sanitized before being passed to the PHP function "call_user_func_array", so the request controls both the callable and its argument list. This allows an unauthenticated attacker to invoke arbitrary public static class methods with any number of attacker-supplied arguments. It can be leveraged by calling the "escape" method of the "CStringHelper" class to execute arbitrary PHP code.
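The pattern described above, shown as an added illustration rather than JomSocial's own code: a minimal Ajax dispatcher that forwards a request-controlled class, method and argument list to call_user_func_array(), beside a replacement that maps a request key to a fixed allowlist of callables. The request shape (class/method/args, func/args) and the helper classes are hypothetical simplifications.

```php
<?php
// Added illustration, not JomSocial's code. The request shape and the two
// helper classes are hypothetical; only the call_user_func_array() pattern
// mirrors what the advisory describes.

final class StringHelper
{
    public static function truncate(string $s, int $len): string
    {
        return substr($s, 0, $len);
    }
}

// Any other class loaded in the same process is equally reachable through the
// vulnerable dispatcher; this one stands in for a method with side effects.
final class Maintenance
{
    public static function purgeCache(string $dir): string
    {
        return "would purge $dir";
    }
}

// VULNERABLE: class name, method name and argument array all come from the
// request and are handed straight to call_user_func_array().
function dispatchVulnerable(array $req)
{
    $callable = [$req['class'], $req['method']];
    // is_callable() is not a security control: it is true for every public
    // static method of every loaded class, so it does not narrow the target.
    if (!is_callable($callable)) {
        return null;
    }
    return call_user_func_array($callable, $req['args']);
}

// HARDENED: the request only selects a key; the callable and the argument
// coercion are fixed server-side.
const AJAX_ROUTES = [
    'string.truncate' => ['StringHelper', 'truncate'],
];

function dispatchHardened(array $req)
{
    $key = (string) ($req['func'] ?? '');
    if (!isset(AJAX_ROUTES[$key])) {
        throw new InvalidArgumentException("unknown ajax task: $key");
    }
    [$class, $method] = AJAX_ROUTES[$key];
    // Coerce arguments to the types this route expects instead of forwarding
    // an attacker-shaped array.
    $args = [(string) ($req['args'][0] ?? ''), (int) ($req['args'][1] ?? 0)];
    return $class::$method(...$args);
}

// Legitimate request versus an attacker who picks a different target.
$legit = ['class' => 'StringHelper', 'method' => 'truncate', 'args' => ['hello world', 5]];
$abuse = ['class' => 'Maintenance',  'method' => 'purgeCache', 'args' => ['/var/www']];

var_dump(dispatchVulnerable($legit));
var_dump(dispatchVulnerable($abuse));   // attacker-chosen method runs

var_dump(dispatchHardened(['func' => 'string.truncate', 'args' => ['hello world', 5]]));
try {
    dispatchHardened(['func' => 'Maintenance::purgeCache', 'args' => ['/var/www']]);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;      // rejected: not in the allowlist
}
```

The point of the hardened version is that "sanitizing" a class or method name is the wrong fix: any name that survives filtering still lets the client choose the target. The dispatcher should own the mapping from request key to callable, and should coerce arguments to the types each route expects rather than splatting whatever array the client sent.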

Remediation

Upgrade to the latest version of JomSocial (3.1.0.1 or later, since the reported affected range is every version below 3.1.0.1). Confirm the installed version of the component in the Joomla! administrator's Extension Manager rather than relying on the version shown on the public site.

References