Joomla PinMe! Component File Upload Vulnerability

SECUNIA ADVISORY ID:
SA35551

VERIFY ADVISORY:
http://secunia.com/advisories/35551/

DESCRIPTION:
ViRuSMaN has discovered a vulnerability in the PinMe! component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

The component does not properly check the extension of uploaded
files, which can be exploited to upload and execute arbitrary PHP
code.

The vulnerability is confirmed in version 2.1.0. Other versions may
also be affected.

Download New version at
http://pinme.pi.ohost.de/index.php?option=com_docman&task=cat_view&gid=35&Itemid=28

SOLUTION:
Grant only trusted users access to the component.

PROVIDED AND/OR DISCOVERED BY:
ViRuSMaN

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/9011

RECENT ARTICLE

RECENT POST