Signature Detail
Short Name |
HTTP:JOOMLA-MEDIAMGR-FILEUPLOAD |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Joomla Media Manager Arbitrary File Upload |
Release Date |
2013/11/26 |
Update Number |
2322 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Joomla Media Manager Arbitrary File Upload
This signature detects attempts to exploit a known vulnerability against Joomla Media Manager. Attackers can upload arbitrary files on the targeted system and gain unauthorized, remote access.
Extended Description
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
Affected Products
- joomla joomla! 2.5.0
- joomla joomla! 2.5.1
- joomla joomla! 2.5.10
- joomla joomla! 2.5.11
- joomla joomla! 2.5.12
- joomla joomla! 2.5.13
- joomla joomla! 2.5.2
- joomla joomla! 2.5.3
- joomla joomla! 2.5.4
- joomla joomla! 2.5.5
- joomla joomla! 2.5.6
- joomla joomla! 2.5.7
- joomla joomla! 2.5.8
- joomla joomla! 2.5.9
- joomla joomla! 3.0.0
- joomla joomla! 3.0.1
- joomla joomla! 3.0.2
- joomla joomla! 3.0.3
- joomla joomla! 3.0.4
- joomla joomla! 3.1.0
- joomla joomla! 3.1.1
- joomla joomla! 3.1.2
- joomla joomla! 3.1.3
- joomla joomla! 3.1.4
References
- BugTraq: 61582
- CVE: CVE-2013-5576