Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-5148
Last Modified 04 Sep 2012 12:00:00
Published 31 Aug 2012 05:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5148

Summary

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.

Vulnerable Systems

Application

  • Wasen Mod Simplefileupload 1.0

  • Wasen Mod Simplefileupload 1.1

  • Wasen Mod Simplefileupload 1.3

  • Wasen Mod Simplefileupload 1.3.5


References

XF - simplefileupload-index-code-exec(72023)

BID - 51234

BID - 51214

OSVDB - 78122

EXPLOIT-DB - 18287

CONFIRM - http://wasen.net/index.php?option=com_content&view=article&id=87&Itemid=59

SECUNIA - 47370

CONFIRM - http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload_1.3


Last Updated: 27 May 2016 11:00:26