An authenticated attacker may be able to upload active content to websites running older versions of Joomla.
CWE-434: Unrestricted Upload of File with Dangerous Type
A vulnerability has been discovered in older versions of the Joomla! content management software that allows an authenticated attacker to upload active content through the media manager form ('administrator/components/com_media/helpers/media.php'). Joomla! allows files with a trailing '.' to pass the upload checks.
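An upload check that reads the extension as the text after the last dot sees an empty extension for a name ending in '.'. The following is an added example, not Joomla's code and not part of this advisory; the function names and extension lists are hypothetical. It places such a deny-list check beside one that canonicalises the name before applying an allow-list:

```php
<?php
// Added example, not Joomla's code. Function names and both lists are hypothetical.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
const BLOCKED_EXTENSIONS = ['php', 'phtml', 'php5', 'pht', 'cgi', 'pl'];

// Weak form: deny-list test on the text after the last dot.
// For "report.php." that text is empty, so the name is accepted.
function weak_check(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, BLOCKED_EXTENSIONS, true);
}

// Hardened form: canonicalise, then allow-list, then return the canonical
// name so the caller stores exactly the name that was checked.
function safe_upload_name(string $name): ?string
{
    // Reject control bytes (including NUL) and path separators outright.
    if (preg_match('#[\x00-\x1f\x7f/\\\\]#', $name)) {
        return null;
    }
    // Trailing dots and whitespace carry no meaning; strip them before the check.
    $clean = rtrim($name, ". \t");
    $base  = pathinfo($clean, PATHINFO_FILENAME);
    $ext   = strtolower(pathinfo($clean, PATHINFO_EXTENSION));
    if ($base === '' || !in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    return $clean;
}

// Constructed sample names, not taken from the advisory.
$samples = ['photo.jpg', 'report.php', 'report.php.', 'report.php. .', 'notes.TXT.', '.htaccess'];
foreach ($samples as $n) {
    printf("%-16s weak=%-6s hardened=%s\n", $n,
        weak_check($n) ? 'accept' : 'reject',
        safe_upload_name($n) ?? 'reject');
}
```

The caller should write the file under the returned name, never under the original client-supplied one.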
The complete impact of this vulnerability is not yet known.
Apply an Update
Updated: October 30, 2013
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Thanks to Versafe for reporting this vulnerability.
This document was written by Todd Lewellen.
Date First Published: 2013-10-30
Date Last Updated: 2013-10-30 15:40 UTC