SECUNIA ADVISORY ID:
A vulnerability has been discovered in the jDownloads component for
Joomla!, which can be exploited by malicious users to compromise a
The application improperly validates uploaded files, which can be
exploited to execute arbitrary PHP code by uploading a PHP file with
e.g. an appended ".gif" file extension.
Successful exploitation requires "Manager" permissions in the backend
and that Apache is not configured to handle the mime-type for media
files with e.g. a ".jpg" or ".gif" extension.
The vulnerability is confirmed in version 1.8.1. Other versions may
also be affected.
Restrict access to the jdownloads directory (e.g. via .htaccess).
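A defender-side audit of an upload directory for the file pattern described above (a PHP file with an appended media extension such as ".gif"). This is an added example, not part of the advisory or of jDownloads; the extension list, the function names and the directory passed on the command line are assumptions.

```python
import os
import sys

# Assumption: extensions commonly mapped to the PHP handler; adjust to the
# server's actual configuration.
PHP_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def risky_extension(filename):
    """Return a PHP-mapped extension found anywhere in the name, else None."""
    # Inspect every extension, not only the last one: "x.php.gif" ends in
    # ".gif" but still carries ".php".
    for ext in filename.lower().split(".")[1:]:
        if ext in PHP_EXTS:
            return ext
    return None


def contains_php(path, limit=65536):
    """True if the first `limit` bytes of the file contain a PHP open tag."""
    with open(path, "rb") as fh:
        head = fh.read(limit)
    return b"<?php" in head.lower()


def audit_uploads(root):
    """Walk `root` and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            ext = risky_extension(name)
            if ext:
                findings.append((rel, f"extension .{ext} in name"))
            elif contains_php(full):
                # Media-named file whose content looks like PHP source.
                findings.append((rel, "PHP open tag in content"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_uploads.py /path/to/upload/directory
    for rel, reason in audit_uploads(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {reason}")
```

Any finding in a directory that should hold only downloadable media warrants manual review of the file and of who uploaded it.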
PROVIDED AND/OR DISCOVERED BY: