Description
JCE is a very popular content editor for Joomla! sites. A vulnerability has been reported in JCE 2.0 and JCE 1.5 that allows a logged-in user who has access to JCE (i.e. they can create or edit articles) and to any of the Image Manager, Image Manager Extended, File Manager, Media Manager or Template Manager plugins to view and manipulate files and folders outside of the folder assigned to these plugins.
JCE 2.0.11 and JCE 1.5.7.14 add additional security checks to fix the vulnerability. Additional checks have also been added to some functions in the Image Manager Extended and Template Manager plugins.
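The class of check the fixed versions add is path confinement: a user-supplied relative path must never resolve outside the folder assigned to the plugin. The following is an added illustration of such a check, not JCE's own code; the function name `resolveWithinBase`, the `$baseDir` parameter (the plugin's configured root) and `$userPath` (the request parameter naming a file or folder) are assumed names for this example.

```php
<?php
// Added example, not JCE's code: confine a user-supplied path to the folder
// assigned to a file/image manager plugin. Returns the full target path, or
// null when the request must be refused.
function resolveWithinBase(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;                       // the assigned folder must exist
    }
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;                       // empty input or embedded NUL byte
    }
    // Absolute paths (POSIX, Windows drive letter or UNC) are never acceptable.
    if (preg_match('#^([a-zA-Z]:|[/\\\\])#', $userPath)) {
        return null;
    }
    // Lexical normalisation: drop '.' and empty segments, and refuse any '..'
    // segment outright instead of trying to resolve it.
    $segments = [];
    foreach (preg_split('#[/\\\\]+#', $userPath) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            return null;
        }
        $segments[] = $seg;
    }
    $target = $base . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $segments);

    // If the target already exists, confirm its physical location is still
    // inside the base; this catches symlinks that point outside the folder.
    if (file_exists($target)) {
        $real = realpath($target);
        if ($real === false
            || ($real !== $base && strpos($real, $base . DIRECTORY_SEPARATOR) !== 0)) {
            return null;
        }
    }
    return $target;
}

// Usage with constructed inputs (temporary folder created for the example):
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'assigned_folder_example';
@mkdir($root . DIRECTORY_SEPARATOR . 'images', 0700, true);
var_dump(resolveWithinBase($root, 'images/logo.png'));    // string inside $root
var_dump(resolveWithinBase($root, 'images/../../other'));  // NULL, '..' refused
var_dump(resolveWithinBase($root, '/outside/file.txt'));   // NULL, absolute path
var_dump(resolveWithinBase($root, "images/a\0.png"));      // NULL, NUL byte
```

The check is applied on every operation the plugins expose (list, read, rename, delete, upload), not only on upload; the reported issue is precisely that a user with editor-level access could reach paths outside the assigned folder, so each entry point needs the same confinement.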
Remediation
Upgrade JCE to the latest version.