Description
JomSocial is an award-winning, powerful, social networking component for Joomla!. Matias Fontanini reported a remote code execution vulnerability in the JomSocial component (versions earlier than 3.1.0.1).

The vulnerability is located in the "photos" controller, "ajaxUploadAvatar" task. The parameters parsed by the "Azrul" plugin are not properly sanitized before being used in a call to the "call_user_func_array" PHP function. This allows an attacker to execute arbitrary static class functions with any number of user-supplied parameters. This can be leveraged by calling the "escape" method of the "CStringHelper" class to execute arbitrary PHP code.
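The root cause described above is a dispatcher that builds the callable passed to call_user_func_array from request data. The following is an added example, not JomSocial's or Joomla!'s code, that places that unsafe pattern next to a hardened dispatcher which only accepts tasks from a fixed allowlist and validates argument count and type via reflection before dispatching. The class name AvatarService, its methods, the request array layout and the task names are all hypothetical.

```php
<?php
// Added example (not JomSocial's code). AvatarService and the request
// layout below are hypothetical stand-ins for a component's task handlers.

class AvatarService
{
    public static function resize(string $path, int $size): string
    {
        return sprintf('resized %s to %dpx', basename($path), $size);
    }

    public static function rotate(string $path, int $degrees): string
    {
        return sprintf('rotated %s by %d degrees', basename($path), $degrees);
    }
}

// Unsafe pattern: class, method and arguments all come straight from the
// request, so any static method reachable by the autoloader can be invoked
// with attacker-chosen arguments.
function dispatchUnsafe(array $request): string
{
    $callable = [$request['class'], $request['method']];
    return call_user_func_array($callable, $request['args']);
}

// Hardened pattern: the request may only name a task from the allowlist;
// the target class is never taken from the request, and the arguments are
// checked against the method signature before the call is made.
function dispatchSafe(array $request): string
{
    static $allowed = [
        'resize' => [AvatarService::class, 'resize'],
        'rotate' => [AvatarService::class, 'rotate'],
    ];

    $task = (string)($request['method'] ?? '');
    if (!isset($allowed[$task])) {
        throw new InvalidArgumentException('unknown task');
    }

    $args = $request['args'] ?? [];
    if (!is_array($args)) {
        throw new InvalidArgumentException('args must be an array');
    }
    $args = array_values($args);

    $ref    = new ReflectionMethod($allowed[$task][0], $allowed[$task][1]);
    $params = $ref->getParameters();
    if (count($args) !== count($params)) {
        throw new InvalidArgumentException('wrong number of arguments');
    }

    // Reject anything that does not match the declared scalar parameter types,
    // instead of relying on PHP's implicit coercion at call time.
    foreach ($params as $i => $param) {
        $type = $param->getType();
        if (!($type instanceof ReflectionNamedType)) {
            continue;
        }
        if ($type->getName() === 'int'
            && filter_var($args[$i], FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException("argument $i must be an integer");
        }
        if ($type->getName() === 'string' && !is_scalar($args[$i])) {
            throw new InvalidArgumentException("argument $i must be a string");
        }
    }

    return call_user_func_array($allowed[$task], $args);
}

// Constructed sample requests: one legitimate task and one that names a
// method outside the allowlist, which the hardened dispatcher refuses.
$ok = ['method' => 'resize', 'args' => ['/tmp/upload.jpg', '64']];
echo dispatchSafe($ok), PHP_EOL;

try {
    dispatchSafe(['method' => 'escape', 'args' => ['x']]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The allowlist maps a short task name to a callable the developer chose at write time, so the request can select between handlers but can never introduce a new class or method into the call. Checking arity and scalar types through reflection keeps the validation in one place even as handlers are added, and logging the rejected task names gives a cheap detection signal for probing of the endpoint.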
Remediation
Upgrade to the latest version of JomSocial.
References
Related Vulnerabilities
Drupal Core 8.9.0 Remote Code Execution (8.9.0)
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5)
Moveable Type 4.x unauthenticated remote command execution
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725
Zikula Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2293)