| Short Name | HTTP:PHP:JOOMLA-JCE-FILE-UPLOAD |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Joomla JCE Editor File Upload |
| Release Date | 2013/01/18 |
| Update Number | 2226 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in the Joomla JCE Editor. By supplying a maliciously crafted file upload request to a PHP script, attackers can cause files to be uploaded to an arbitrary location, possibly leading to script execution.

The JCE component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. JCE component versions prior to 2.1.0 are vulnerable.