First published: Wed Oct 09 2013
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Joomla Joomla! | =2.5.0 | |
Joomla Joomla! | =2.5.1 | |
Joomla Joomla! | =2.5.2 | |
Joomla Joomla! | =2.5.3 | |
Joomla Joomla! | =2.5.4 | |
Joomla Joomla! | =2.5.5 | |
Joomla Joomla! | =2.5.6 | |
Joomla Joomla! | =2.5.7 | |
Joomla Joomla! | =2.5.8 | |
Joomla Joomla! | =2.5.9 | |
Joomla Joomla! | =2.5.10 | |
Joomla Joomla! | =2.5.11 | |
Joomla Joomla! | =2.5.12 | |
Joomla Joomla! | =2.5.13 | |
Joomla Joomla! | =3.0.0 | |
Joomla Joomla! | =3.0.1 | |
Joomla Joomla! | =3.0.2 | |
Joomla Joomla! | =3.0.3 | |
Joomla Joomla! | =3.0.4 | |
Joomla Joomla! | =3.1.0 | |
Joomla Joomla! | =3.1.1 | |
Joomla Joomla! | =3.1.2 | |
Joomla Joomla! | =3.1.3 | |
Joomla Joomla! | =3.1.4 | |