Summary
This host is running the Joomla Simple File Upload Module and is prone to a remote code execution vulnerability.
Impact
Successful exploitation will allow an attacker to upload PHP scripts and execute arbitrary commands on the web server.
Impact Level: Application.
Solution
No solution or patch was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaw is due to access and input validation errors in the 'index.php' script when uploading files.
Affected
Joomla Simple File Upload Module version 1.3.5
Severity
Classification
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P