Joomla! Information Disclosure and File Upload Vulnerability

SECUNIA ADVISORY ID:
SA35899

VERIFY ADVISORY:
http://secunia.com/advisories/35899/

DESCRIPTION:
A weakness and a vulnerability have been discovered in Joomla!, which
can be exploited by malicious people to disclose certain system
information and compromise a vulnerable system.

1) A vulnerability exists due to the TinyMCE editor including the
tiny browser plugin, which allows uploading files without
authentication. This can be exploited to e.g. upload files with
multiple extensions and execute arbitrary PHP code.

2) A weakness exists due to certain files missing checks for JEXEC,
which can be exploited to disclose internal path information.

The vulnerability is confirmed in version 1.5.12; the weakness is
reported in version 1.5.12 and all previous 1.5.x releases.
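
The two issues above map to two defensive checks that Joomla extension code is expected to carry. The following PHP is an added example written for this advisory, not code from Joomla or from the advisory itself: the function names validate_upload_name() and require_jexec(), the extension whitelist and the sample file names are all assumptions made here. The first part illustrates the direct-access guard (Joomla's own guard line is `defined('_JEXEC') or die('Restricted access');`, which stops a directly requested file before PHP can emit an error message containing its absolute path); the second rejects upload names that have more than one extension or a non-whitelisted extension, and refuses unauthenticated requests outright.

```php
<?php
// Added example (not Joomla's code). Assumed names: require_jexec(),
// validate_upload_name(), ALLOWED_EXTENSIONS. Run with: php upload_checks.php

// 1) Direct-access guard. A Joomla file is expected to begin with
//        defined('_JEXEC') or die('Restricted access');
//    so that a request for the file outside the framework aborts before any
//    PHP warning can leak the file's absolute path. Wrapped in a function here
//    so the script can be exercised stand-alone.
function require_jexec(): bool
{
    return defined('_JEXEC');
}

// 2) Upload name validation. Accepts only "stem.ext" with exactly one dot and a
//    whitelisted extension, so "shell.php.jpg" and "shell.php" are both refused,
//    and refuses to proceed at all for an unauthenticated request.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];   // assumed whitelist

function validate_upload_name(string $name, bool $authenticated): array
{
    if (!$authenticated) {
        return [false, 'authentication required'];
    }
    $base = basename($name);                  // drop any directory component
    if ($base === '' || $base[0] === '.') {
        return [false, 'empty or hidden file name'];
    }
    $parts = explode('.', $base);
    if (count($parts) !== 2) {                // exactly one dot: stem.ext
        return [false, 'multiple or missing extensions'];
    }
    [$stem, $ext] = $parts;
    $ext = strtolower($ext);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return [false, "extension '$ext' not allowed"];
    }
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $stem)) {
        return [false, 'stem contains characters outside [A-Za-z0-9_-]'];
    }
    return [true, "$stem.$ext"];
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    ['photo.jpg', true],
    ['shell.php.jpg', true],
    ['shell.php', true],
    ['../../configuration.php', true],
    ['photo.jpg', false],
];
foreach ($samples as [$name, $auth]) {
    [$ok, $msg] = validate_upload_name($name, $auth);
    printf("%-26s auth=%-3s -> %s (%s)\n",
        $name, $auth ? 'yes' : 'no', $ok ? 'accept' : 'reject', $msg);
}
printf("_JEXEC defined in this context: %s\n", require_jexec() ? 'yes' : 'no');
```

Name validation is one layer only: the upload directory should additionally be served with PHP execution disabled, and file contents should be checked against the claimed type, so that a file which passes the name filter still cannot be executed.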

SOLUTION:
Update to version 1.5.13.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Patrice Lazareff
2) Juan Galiana Lara (Internet Security Auditors)

ORIGINAL ADVISORY:
http://developer.joomla.org/security/news/301-20090722-core-file-upload.html
http://developer.joomla.org/security/news/302-20090722-core-missing-jexec-check.html
