Thursday, 05 January 2555 BE, 11:38
DOCMan LaiThai
SECUNIA ADVISORY ID:
SA47370
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47370/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47370
RELEASE DATE:
2012-01-04
DESCRIPTION:
A vulnerability has been discovered in the Simple File Upload module
for Joomla!, which can be exploited by malicious people to compromise
a vulnerable system.
The vulnerability is caused by the
modules/mod_simplefileuploadv1.3/helper.php script not properly
validating uploaded files. This can be exploited to execute
arbitrary PHP code by uploading a PHP file with, e.g., a ".pht" file
extension.
The vulnerability is confirmed in version 1.3.5. Other versions may
also be affected.
SOLUTION:
Restrict access to the upload folder (e.g. via .htaccess).
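Alongside restricting access, an administrator can audit the upload folder for files the web server could hand to PHP. The script below is an added example, not part of the Secunia advisory or the module's code; the extension set and the multiple-extension check are assumptions about a typical Apache/PHP setup, and the sample file names are constructed.

```python
import os
import tempfile

# Assumption: extensions commonly mapped to the PHP handler on Apache.
# Align this set with the handler configuration of the audited server.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}


def php_handled(filename):
    """Return the first extension that could route the file to PHP, else None.

    Every dot-separated segment after the base name is checked, because
    Apache mod_mime can act on any extension of a name such as
    "report.php.jpg", not only on the last one.
    """
    for ext in filename.lower().split(".")[1:]:
        if ext in PHP_EXTENSIONS:
            return ext
    return None


def audit_upload_dir(root):
    """Walk root and return sorted (relative_path, extension) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = php_handled(name)
            if ext:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), ext))
    return sorted(findings)


def demo():
    """Audit a constructed upload folder (sample names, not from the advisory)."""
    sample = ["holiday.jpg", "notes.txt", "avatar.pht", "report.php.jpg",
              "archive/old.PHTML", "archive/manual.pdf"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_upload_dir(root)


if __name__ == "__main__":
    for path, ext in demo():
        print(f"{path}: may be handled as PHP via .{ext}")
```

Any finding in a folder that should hold only user documents deserves review, and the folder itself should still be closed off as the advisory recommends.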
PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.
ORIGINAL ADVISORY:
Simple File Upload:
http://wasen.net/index.php?option=com_content&view=article&id=64:simple-file-upload-download&catid=40:project-simple-file-upload&Itemid=59
Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload_1.3