JomSocial is an award-winning, powerful social networking component for Joomla!. Matias Fontanini reported a remote code execution vulnerability in the JomSocial component (version < 18.104.22.168).
The vulnerability is located in the "photos" controller, in the "ajaxUploadAvatar" task. The parameters parsed by the "Azrul" plugin are not properly sanitized before being used in a call to the "call_user_func_array" PHP function. This allows an attacker to invoke arbitrary static class methods with any number of user-supplied parameters. This can be leveraged by calling the "escape" method of the "CStringHelper" class to execute arbitrary PHP code.
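As an added illustration, not JomSocial's or the Azrul plugin's own code, the unsafe dispatch pattern the advisory describes placed beside an allowlisted form; the `$request` array, the `AvatarHandler` class and its method names are hypothetical.

```php
<?php
// Added example, not JomSocial/Azrul code. It shows the bug class described
// above: a request-controlled callable and argument list reaching
// call_user_func_array() unchanged.

// --- Vulnerable pattern (hypothetical): the callable name and its arguments
// come straight from the request.
function dispatch_unsafe(array $request)
{
    $func = $request['func'];            // e.g. "SomeClass::someMethod"
    $args = $request['args'] ?? [];      // any number of caller-chosen values
    return call_user_func_array($func, $args);   // arbitrary static method call
}

// --- Hardened pattern: the request may only name an action from a fixed
// allowlist; the callable, the argument count and the argument types are
// decided by the server, never by the caller.
class AvatarHandler   // hypothetical
{
    public static function crop(int $x, int $y, int $w, int $h): array
    {
        return ['x' => $x, 'y' => $y, 'w' => $w, 'h' => $h];
    }
}

const ALLOWED_ACTIONS = [
    // action => [callable, required argument count]
    'crop' => [[AvatarHandler::class, 'crop'], 4],
];

function dispatch_safe(array $request)
{
    $action = $request['action'] ?? '';
    if (!isset(ALLOWED_ACTIONS[$action])) {
        throw new InvalidArgumentException('unknown action');
    }
    [$callable, $argc] = ALLOWED_ACTIONS[$action];
    $args = $request['args'] ?? [];
    if (!is_array($args) || count($args) !== $argc) {
        throw new InvalidArgumentException('bad argument count');
    }
    // Validate every argument; anything that is not an integer is rejected.
    $clean = array_map(static function ($v): int {
        if (filter_var($v, FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException('bad argument');
        }
        return (int) $v;
    }, $args);
    return call_user_func_array($callable, $clean);
}

var_dump(dispatch_safe(['action' => 'crop', 'args' => ['0', '0', '64', '64']]));
```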
- Upgrade to the latest version of JomSocial.