Joomla! Easy Flash Uploader Module Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA49535

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49535/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49535

RELEASE DATE:
2012-06-14

DESCRIPTION:
Sammy Forgit has reported a vulnerability in the Easy Flash Uploader
module for Joomla!, which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused by the
plugins/content/efup_files/helper.php script allowing the upload of
files with arbitrary extensions to a folder inside the webroot. This
can be exploited to execute arbitrary PHP code by uploading a
malicious PHP script.

The vulnerability is reported in version 2.0. Prior versions may also
be affected.

SOLUTION:
Update to version 2.1.

PROVIDED AND/OR DISCOVERED BY:
Sammy Forgit, OpenSysCom

ORIGINAL ADVISORY:
Easy Flash Uploader:
https://www.valorapps.com/12-notices/27-easy-flash-uploader-version-2-1-is-released.html
