First published: Fri Aug 31 2012(Updated: )
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wasen Mod Simplefileupload | <=1.3 | |
Wasen Mod Simplefileupload | =1.0 | |
Wasen Mod Simplefileupload | =1.1 | |
Joomla Joomla\! |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.