OSVDB ID: 78122

Title: Simple File Upload Module for Joomla! modules/mod_simplefileuploadv1.3/helper.php File Upload Arbitrary Code Execution

Info

Disclosure

Dec 26, 2011

Discovery

Unknown

Dates

Exploit

Dec 26, 2011

Solution

Unknown

Description

The Simple File Upload Module for Joomla! contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the modules/mod_simplefileuploadv1.3/helper.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Anders Wasen

Simple File Upload Module for Joomla!

1.3
1.3.5

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/78122