Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5004

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2011-5004
Last Modified 16 Feb 2012 11:10:48
Published 24 Dec 2011 08:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-5004

Summary

Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Vulnerable Systems

Application

  • Com Fabrikar 1.0.1

  • Com Fabrikar 1.0.6

  • Com Fabrikar 2.0.2

  • Com Fabrikar 2.0.4

  • Com Fabrikar 2.0.5

  • Com Fabrikar 2.1


References

MISC - http://www.vulnerability-lab.com/get_content.php?id=342

OSVDB - 77371

CONFIRM - http://www.ohloh.net/p/3417/commits/145749116

SECUNIA - 47036

BID - 50823


Last Updated: 27 May 2016 10:57:58