Description
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core version 1.5.12 is vulnerable.
Remediation
Update to Joomla! Core version 1.5.13 or latest
References
http://www.securityfocus.com/bid/35780/exploit
https://www.exploit-db.com/exploits/10183/
https://developer.joomla.org/security-centre/301-20090722-core-file-upload.html
Related Vulnerabilities
Drupal Core 7.x Cross-Site Scripting (7.0 - 7.65)
WordPress Plugin MasterStudy LMS-for Online Courses and Education Security Bypass (3.2.13)
WordPress Plugin Activity Log Multiple Cross-Site Scripting Vulnerabilities (2.4.0)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5660)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5264)