Joomla! Easy File Uploader Module File Upload Vulnerability

SECUNIA ADVISORY ID:
SA42862

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42862/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42862

RELEASE DATE:
2011-01-12
DESCRIPTION:
A vulnerability has been reported in Easy File Uploader module for
Joomla!, which can be exploited by malicious users to compromise a
vulnerable system.

The vulnerability is caused due to the module improperly validating
the extension of an uploaded file. This can be exploited to e.g.
upload and execute arbitrary PHP files by passing an allowed MIME
media type in the HTTP headers.

The vulnerability is reported in versions prior to 0.6.

SOLUTION:
Update to version 0.6.

PROVIDED AND/OR DISCOVERED BY:
rustyDusty

RECENT ARTICLE

RECENT POST