HTTP: Joomla Media Manager Arbitrary File Upload

This signature detects attempts to exploit a known vulnerability in Joomla Media Manager. Attackers can upload arbitrary files to the targeted system and gain unauthorized remote access.

Extended Description

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

Affected Products

Joomla joomla!

References

BugTraq: 61582

CVE: CVE-2013-5576

Short Name: HTTP:JOOMLA-MEDIAMGR-FILEUPLOAD
Severity: Minor
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: Arbitrary CVE-2013-5576 File Joomla Manager Media Upload bid:61582
Release Date: 11/26/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

Joomla

CVSS Score

6.8
