// For flags

CVE-2013-5576

Joomla! Component Media Manager - Arbitrary File Upload

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

administrator/components/com_media/helpers/media.php en el gestor de medios de Joomla! 2.5.x anterior a la versión 2.5.14 y 3.x anterior a 3.1.5 permite a usuarios remotos autenticados o a atacantes remotos evadir restricciones de acceso intencionadas y subir archivos con extensiones peligrosas a través de un nombre de archivo con un . (punto), tal y como se explotó activamente en agosto de 2013.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-08-15 First Exploit
  • 2013-08-23 CVE Reserved
  • 2013-10-09 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-11-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.0
Search vendor "Joomla" for product "Joomla\!" and version "2.5.0"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.1
Search vendor "Joomla" for product "Joomla\!" and version "2.5.1"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.2
Search vendor "Joomla" for product "Joomla\!" and version "2.5.2"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.3
Search vendor "Joomla" for product "Joomla\!" and version "2.5.3"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.4
Search vendor "Joomla" for product "Joomla\!" and version "2.5.4"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.5
Search vendor "Joomla" for product "Joomla\!" and version "2.5.5"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.6
Search vendor "Joomla" for product "Joomla\!" and version "2.5.6"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.7
Search vendor "Joomla" for product "Joomla\!" and version "2.5.7"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.8
Search vendor "Joomla" for product "Joomla\!" and version "2.5.8"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.9
Search vendor "Joomla" for product "Joomla\!" and version "2.5.9"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.10
Search vendor "Joomla" for product "Joomla\!" and version "2.5.10"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.11
Search vendor "Joomla" for product "Joomla\!" and version "2.5.11"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.12
Search vendor "Joomla" for product "Joomla\!" and version "2.5.12"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
2.5.13
Search vendor "Joomla" for product "Joomla\!" and version "2.5.13"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.0.0
Search vendor "Joomla" for product "Joomla\!" and version "3.0.0"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.0.1
Search vendor "Joomla" for product "Joomla\!" and version "3.0.1"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.0.2
Search vendor "Joomla" for product "Joomla\!" and version "3.0.2"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.0.3
Search vendor "Joomla" for product "Joomla\!" and version "3.0.3"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.0.4
Search vendor "Joomla" for product "Joomla\!" and version "3.0.4"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.1.0
Search vendor "Joomla" for product "Joomla\!" and version "3.1.0"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.1.1
Search vendor "Joomla" for product "Joomla\!" and version "3.1.1"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.1.2
Search vendor "Joomla" for product "Joomla\!" and version "3.1.2"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.1.3
Search vendor "Joomla" for product "Joomla\!" and version "3.1.3"
-
Affected
Joomla
Search vendor "Joomla"
Joomla\!
Search vendor "Joomla" for product "Joomla\!"
3.1.4
Search vendor "Joomla" for product "Joomla\!" and version "3.1.4"
-
Affected