Joomla Simple File Upload Module Remote Code Execution Vulnerability Network Vulnerability

Summary

This host is running Joomla Simple File Upload Module and is prone to remote code execution vulnerability.

Impact

Successful exploitation will allow attacker to upload PHP scripts and execute arbitrary commands on a web server. Impact Level: Application.

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to the access and input validation errors in the 'index.php' script when uploading files.

Affected

Joomla Simple File Upload Module version 1.3.5

References

http://osvdb.org/78122
http://secunia.com/advisories/47370/
http://www.exploit-db.com/exploits/18287/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
123 Flash Chat Multiple Security Vulnerabilities
Apache CouchDB Cross Site Request Forgery Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability

Take action and discover your vulnerabilities