Description

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

Remediation

References

CVE-2017-7989

Related Vulnerabilities

WordPress Plugin Widgets for SiteOrigin Security Bypass (1.4.2)

WordPress Plugin Slideshow Gallery 2 'border' Parameter Cross-Site Scripting (1.1.4)

CakePHP Improper Input Validation Vulnerability (CVE-2010-4335)

MySQL CVE-2019-2587 Vulnerability (CVE-2019-2587)

Nginx Out-of-bounds Write Vulnerability (CVE-2011-4315)

Severity

Medium

Classification

CVE-2017-7989 CWE-434 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities