Vulnerability Note VU#639620
Joomla! Media Manager allows arbitrary file upload and execution
An authenticated attacker may be able to upload active content to websites running older versions of Joomla.
CWE-434: Unrestricted Upload of File with Dangerous Type
A vulnerability has been discovered in older versions of the Joomla! content management software that allows an authenticated attacker to upload active content through the media manager form ('administrator/components/com_media/helpers/media.php'). Joomla! allows files with a trailing '.' to pass the upload checks.
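The following is an added illustration, not Joomla's code and not part of the original note. It shows how a check that reads only the text after the last dot treats a trailing-dot name, next to a stricter allow-list check that also rejects active extensions in any position, which goes beyond the trailing-dot case described above. The function names, both extension lists and the sample file names are constructed for this example.

```php
<?php
// Added illustration, not Joomla's code. Both extension lists are constructed.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];
const ACTIVE_EXT  = ['php', 'php5', 'phtml', 'phar', 'cgi', 'pl'];

// Weak check: reads the text after the last dot and consults only a blocklist.
// A name ending in '.' yields an empty extension, which is not on the blocklist.
function naive_upload_allowed(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, ACTIVE_EXT, true);
}

// Hardened check: allow-list on the final extension, no empty segments.
function strict_upload_allowed(string $name): bool
{
    // Path separators and control characters never belong in a client-supplied name.
    if ($name === '' || preg_match('/[\x00-\x1f\x7f\/\\\\]/', $name)) {
        return false;
    }
    // Split on dots: a leading, trailing or doubled dot leaves an empty segment.
    $segments = explode('.', strtolower($name));
    if (count($segments) < 2 || in_array('', $segments, true)) {
        return false;
    }
    // No segment after the base name may be an active-content extension.
    $exts = array_slice($segments, 1);
    if (array_intersect($exts, ACTIVE_EXT)) {
        return false;
    }
    // The final extension must be on the allow-list (exact match, so "jpg " fails).
    return in_array(end($exts), ALLOWED_EXT, true);
}

// Constructed sample names, printed with the verdict of each check.
$samples = ['photo.jpg', 'photo.php', 'photo.php.', 'photo.php.jpg', 'photo.jpg ', 'photo'];
foreach ($samples as $name) {
    printf(
        "%-16s naive=%-5s strict=%s\n",
        json_encode($name),
        var_export(naive_upload_allowed($name), true),
        var_export(strict_upload_allowed($name), true)
    );
}
```

Generating the stored file name on the server, rather than reusing the client-supplied one, removes the dependence on this parsing altogether.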
The complete impact of this vulnerability is not yet known.
Apply an Update
Vendor Information

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Joomla|Affected|-|30 Oct 2013|
CVSS Metrics
Thanks to Versafe for reporting this vulnerability.
This document was written by Todd Lewellen.
- CVE IDs: CVE-2013-5576
- Date Public: 31 Jul 2013
- Date First Published: 30 Oct 2013
- Date Last Updated: 30 Oct 2013
- Document Revision: 15