Description

JomSocial is an award-winning, powerful social networking component for Joomla!. Matias Fontanini reported a remote code execution vulnerability in the JomSocial component (versions earlier than 3.1.0.1).

The vulnerability is located in the "photos" controller, "ajaxUploadAvatar" task. The parameters parsed by the "Azrul" plugin are not properly sanitized before being used in a call to the "call_user_func_array" PHP function. This allows an attacker to invoke arbitrary static class methods with any number of user-supplied parameters. This can be leveraged by calling the "escape" method of the "CStringHelper" class to execute arbitrary PHP code.
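The following is an added illustration of the bug class described above, not JomSocial's, the Azrul plugin's, or the reporter's code; `AvatarService`, `SafeDispatcher` and the operation names are hypothetical. It places the unsafe dispatch pattern next to a hardened form that confines `call_user_func_array` to a fixed allow-list:

```php
<?php
// Added illustration of the bug class described in the advisory. This is NOT
// JomSocial's or the Azrul plugin's real code; class and method names are hypothetical.
final class AvatarService
{
    public static function upload(string $tmpName): string { return 'stored:' . basename($tmpName); }
    public static function crop(string $id, int $w, int $h): string { return "$id@{$w}x{$h}"; }
}

// Vulnerable pattern: the callable AND its argument list come straight from
// the request. Any loadable class's static method is reachable, with any
// number of caller-chosen arguments, which is the condition the advisory describes.
function dispatchUnsafe(array $request)
{
    $callable = [$request['class'], $request['method']];
    return call_user_func_array($callable, $request['args'] ?? []);
}

// Hardened pattern: the request only chooses a key from a fixed allow-list.
// The class/method pair is hard-coded, the argument count is fixed, and the
// arguments are restricted to scalars before the call is made.
final class SafeDispatcher
{
    // operation name => [callable, expected argument count]
    private const ALLOWED = [
        'uploadAvatar' => ['AvatarService::upload', 1],
        'cropAvatar'   => ['AvatarService::crop',   3],
    ];

    public static function dispatch(string $operation, array $args): string
    {
        if (!array_key_exists($operation, self::ALLOWED)) {
            throw new InvalidArgumentException("Unknown operation: $operation");
        }
        [$callable, $arity] = self::ALLOWED[$operation];
        if (count($args) !== $arity) {
            throw new InvalidArgumentException("Expected $arity argument(s)");
        }
        foreach ($args as $arg) {
            if (!is_scalar($arg)) {
                throw new InvalidArgumentException('Only scalar arguments are accepted');
            }
        }
        return call_user_func_array($callable, array_values($args));
    }
}

// Constructed request: only an allow-listed operation with the right arity is reachable.
echo SafeDispatcher::dispatch('cropAvatar', ['avatar42', 128, 128]), "\n";
```

Reviewing a dispatcher against this pattern means checking that neither the class name, the method name, nor the argument count can be chosen by the request.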

Remediation

Upgrade to the latest version of JomSocial.
