Description
JomSocial is an award-winning, powerful social networking component for Joomla!. Matias Fontanini reported a remote code execution vulnerability in the JomSocial component (versions earlier than 3.1.0.1).
The vulnerability is located in the "photos" controller,
"ajaxUploadAvatar" task. The parameters parsed by the "Azrul" plugin are
not properly sanitized before being used in a call to the
"call_user_func_array" PHP function. This allows an attacker to execute
arbitrary static class functions, using any amount of user-provided
parameters. This can be leveraged by calling the "escape" method in the
"CStringHelper" class to execute arbitrary PHP code.
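The root cause described above is a generic PHP anti-pattern: a request-controlled callable name and argument list reaching call_user_func_array. The following is an added illustration, not JomSocial or Azrul plugin code, and every class, function and request field in it is hypothetical. It places a simplified version of the unsafe dispatch beside a hardened dispatcher that resolves the task through a fixed allowlist, so the request can pick a registered handler but never name an arbitrary static method.

```php
<?php
// Added example, not JomSocial code. Shows the vulnerable pattern the advisory
// describes (user-controlled callable plus argument list reaching
// call_user_func_array) and a hardened dispatcher beside it.

// --- Vulnerable pattern (hypothetical, simplified) --------------------------
// $request['func'] and $request['args'] arrive straight from the HTTP request.
function dispatch_unsafe(array $request)
{
    $func = $request['func'];          // attacker-chosen, e.g. "SomeClass::method"
    $args = $request['args'] ?? [];    // any number of attacker-chosen parameters
    // Any static method or global function reachable by name can be invoked.
    return call_user_func_array($func, $args);
}

// --- Hardened pattern -------------------------------------------------------
// Only explicitly registered handlers are callable. The request supplies a
// task key, never a PHP callable, and each handler validates its own arguments.
final class AjaxDispatcher
{
    /** @var array<string, callable> */
    private array $handlers = [];

    public function register(string $name, callable $handler): void
    {
        $this->handlers[$name] = $handler;
    }

    public function dispatch(array $request)
    {
        $name = $request['func'] ?? '';
        if (!is_string($name) || !array_key_exists($name, $this->handlers)) {
            throw new InvalidArgumentException('unknown task');
        }
        $args = $request['args'] ?? [];
        if (!is_array($args)) {
            throw new InvalidArgumentException('bad argument list');
        }
        // The callable comes from the allowlist, never from user input.
        return call_user_func_array($this->handlers[$name], array_values($args));
    }
}

// Hypothetical avatar-upload handler: fixed arity, type-checked argument.
$dispatcher = new AjaxDispatcher();
$dispatcher->register('uploadAvatar', function (string $filename): string {
    $base = basename($filename);
    if (!preg_match('/^[A-Za-z0-9_.-]+\.(jpe?g|png|gif)$/', $base)) {
        throw new InvalidArgumentException('bad filename');
    }
    return "stored avatar {$base}";
});

// Constructed requests: one legitimate, one naming an arbitrary static method.
echo $dispatcher->dispatch(['func' => 'uploadAvatar', 'args' => ['me.png']]), "\n";
try {
    $dispatcher->dispatch(['func' => 'SomeClass::anyStaticMethod', 'args' => ['x']]);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The design point is that the allowlist maps a short, opaque task name to a handler chosen by the developer; the request never influences which PHP symbol is resolved, and each handler fixes its own arity and types, so the "any amount of user-provided parameters" property of the original bug disappears. When auditing similar code, grep for call_user_func, call_user_func_array and variable-function calls whose first argument can be traced back to request data.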
Remediation
Upgrade to the latest version of JomSocial.