• Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.0.0 through 3.6.4
  • Exploit type: Shell Upload
  • Reported Date: 2016-October-26
  • Fixed Date: 2016-December-06
  • CVE Number: CVE-2016-9836

Description

Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.6.4

Solution

Upgrade to version 3.6.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: Xiphos Research Ltd.
Rate this post
Брой прочитания на тази страница: 1421
[20161202] – Core – Shell Upload

Подобни публикации:

  1. [20161001] – Core – Account Creation
  2. [20160802] – Core – XSS Vulnerability
  3. [20161002] – Core – Elevated Privileges
Tagged on:

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *