CVE-2011-5148 – Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2011-5148

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. Mútiples vulnerabilidades de lista negra incompleta en el módulo Simple File Upload (mod_simplefileuploadv1.3) anteriores a v1.3.5 para Joomla! permite a atacantes remotos ejecutar código de su elección subiendo un archivo con la extensión (1) php5, (2) php6, o (3) doble extensión (ej. .php.jpg), para acceder al fichero mediante una solicitud directa en la ruta images/, como se ha explotado en enero de 2012. • https://www.exploit-db.com/exploits/18287 http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload_1.3 http://secunia.com/advisories/47370 http://wasen.net/index.php?option=com_content&view=article&id=87&Itemid=59 http://www.exploit-db.com/exploits/18287 http://www.osvdb.org/78122 http://www.securityfocus.com/bid/51214 http://www.securityfocus.com/bid/51234 https://exchange.xforce.ibmcloud.com/vulnerabilities/72023 •