Joomla! Simple File Upload Module Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA45841

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45841/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45841

RELEASE DATE:
2011-09-02

DESCRIPTION:
A vulnerability has been discovered in the Simple File Upload module
for Joomla!, which can be exploited by malicious people to compromise
a vulnerable system.

The vulnerability is caused by the
modules/mod_simplefileuploadv1.2/helper.php script not properly
validating uploaded files. This can be exploited to execute
arbitrary PHP code by uploading a PHP file with e.g. an appended
".gif" file extension.

The vulnerability is confirmed in version 1.2 and reported in version
1.3. Other versions may also be affected.

SOLUTION:
Update to version 1.3 released on August 31st, 2011 or later.
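
For anyone reviewing a comparable upload handler, the following added example (not code from the Simple File Upload module or from its fix) shows validation that rejects a PHP file carrying an appended ".gif" extension. The names validate_upload, ALLOWED_TYPES and $uploadDir are hypothetical.

```php
<?php
// Added example: hypothetical helper, not code from the Simple File Upload module.
// Validates one entry of $_FILES and returns a safe name to store it under.

const ALLOWED_TYPES = [          // extension => expected MIME type (assumed allow-list)
    'gif' => 'image/gif',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

function validate_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // Split the client-supplied name on every dot: "shell.php.gif" yields
    // ["shell", "php", "gif"]. Exactly one extension is accepted, because some
    // Apache configurations map any dot-separated segment to a handler.
    // This is deliberately strict: "my.photo.gif" is rejected as well.
    $parts = explode('.', strtolower(basename($file['name'])));
    if (count($parts) !== 2 || !array_key_exists($parts[1], ALLOWED_TYPES)) {
        throw new RuntimeException('file name not allowed');
    }
    $ext = $parts[1];

    // Check the content itself, not the client-supplied Content-Type header.
    // A valid image can still carry embedded script text, so this check
    // complements the name handling; it does not replace it.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext] || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('content does not match extension');
    }

    // Store under a server-generated name so that no client-chosen string
    // reaches the file system.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Usage inside an upload handler. $uploadDir is an assumed path that the
// web server is configured not to execute scripts from:
// $name = validate_upload($_FILES['upload']);
// move_uploaded_file($_FILES['upload']['tmp_name'], $uploadDir . '/' . $name);
```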

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
Simple File Upload:
http://wasen.net/index.php?option=com_content&view=article&id=64&Itemid=59
http://www.wasen.net/index.php?option=com_content&view=article&id=85:simple-file-upload-v13&catid=40:project-simple-file-upload&Itemid=69

Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload
