Joomla patches file upload vulnerability

  LukeW
  August 15, 2013 3:41am

Joomla! has released a patch that addresses a critical vulnerability that allows an attacker the ability to bypass file-type upload restrictions. The flaw has been linked to several site compromises, as well as malware distribution and phishing campaigns.

Joomla! credits discovery of the bug to Web security firm Versafe, which says a simple exploit targeting the vulnerability is already in use. Joomla versions 2.5.14 and 3.1.5. fix a serious bug that allows unprivileged users to upload arbitrary .PHP files just by adding a “.” (period) to the end of PHP filenames.

 

0 Reponse

Post Response