Description

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

Remediation

References

CVE-2013-5576

Related Vulnerabilities

MySQL CVE-2023-22038 Vulnerability (CVE-2023-22038)

Python Uncontrolled Search Path Element Vulnerability (CVE-2020-15523)

WordPress 2.2.2 Multiple Vulnerabilities (2.2 - 2.2.2)

WordPress Plugin Ultimate Gift Cards For WooCommerce Cross-Site Request Forgery (2.1.1)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10678)

Severity

Medium

Classification

CVE-2013-5576 CWE-20

Tags

Missing Update Known Vulnerabilities