Joomla! JCE Component Plugins Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA45777

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45777/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45777

RELEASE DATE:
2011-09-01
DESCRIPTION:
A vulnerability has been reported in the Image Manager Extended and
Template Manager plugins for the Joomla! component JCE, which can be
exploited by malicious users to disclose system information and
manipulate certain data.

Certain input is not properly verified before being used to access
files. This can be exploited to view and manipulate files and folders
outside of the application root.

This is related to:
SA45849

The vulnerability is reported in the Image Manager Extended plugin
prior to versions 1.5.7.8 and 2.0.4 and the Template Manager plugin
prior to version 1.5.5.2 and 2.0.3.

SOLUTION:
Update to Image Manager Extended plugin versions 1.5.7.8 and 2.0.4
and Template Manager plugin versions 1.5.5.2 and 2.0.3.

PROVIDED AND/OR DISCOVERED BY:
Originally reported by AmnPardaz Security Research Team in the JCE
component. Additional information provided by the vendor.

ORIGINAL ADVISORY:
http://www.joomlacontenteditor.net/news/item/jce-2011-released