• Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.0.0 through 3.6.4
  • Exploit type: Shell Upload
  • Reported Date: 2016-October-26
  • Fixed Date: 2016-December-06
  • CVE Number: CVE-2016-9836


Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.6.4


Upgrade to version 3.6.5


The JSST at the Joomla! Security Centre.

Reported By: Xiphos Research Ltd.
Rate this post
Брой прочитания на тази страница: 1073
[20161202] – Core – Shell Upload
Tagged on:

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *