Description
The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2012-0534 Vulnerability (CVE-2012-0534)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (5.7.7)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.13)
WordPress Plugin Asset Manager 'upload.php' Arbitrary File Upload (0.3)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-5267)