SECUNIA ADVISORY ID:
Customer Area (Credentials Required)
A weakness and a vulnerability have been reported in the FLEXIcontent
component for Joomla!, which can be exploited by malicious, local
users to manipulate certain data and disclose sensitive information
and by malicious people to compromise a vulnerable system.
1) The weakness is caused due to the component setting insecure
permissions (777) for the "cache" directory. This can be exploited to
e.g. modify, create, or delete files contained in this directory.
2) The vulnerability exists in the bundled version of phpThumb().
For more information:
The weakness and the vulnerability are reported in versions prior to
Update to version 1.5.
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.