CVE-2013-5576

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-5576
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://seclists.org/oss-sec/2013/q3/484
https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8 Exploit Patch
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626
http://www.exploit-db.com/exploits/27610 Exploit
http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
https://github.com/joomla/joomla-cms/commit/1ed07e257a2c0794ba19e864f7c5101e7e8c41d2
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites/
http://seclists.org/oss-sec/2013/q3/486
http://www.kb.cert.org/vuls/id/639620 US Government Resource
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:joomla:joomla\!:2.5.12:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.11:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.13:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.8:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.10:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:2.5.9:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:joomla:joomla\!:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.0.1:*:*:*:*:*:*:*
Information

Published : 2013-10-09 07:54

Updated : 2013-11-30 20:31

NVD link : CVE-2013-5576

Mitre link : CVE-2013-5576

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

joomla

  • joomla\!