CVE-2011-4908

Published: 12/02/2020 Updated: 25/02/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

TinyBrowser plugin for Joomla! prior to 1.5.13 allows arbitrary file upload via upload.php.

Vulnerable Product

tiny tinybrowser

Exploits

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions Please see the Metasploit
# Framework web site for more information on licensing and terms of use
# metasploitcom/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  include Msf::Exploit::Rem ...

==============================================================================
TinyBrowser (TinyMCE Editor File browser) 1416 - Multiple Vulnerabilities
==============================================================================

Discovered by Aung Khant, YGN Ethical Hacker Group, Myanmar
yehgnet/ ~ believe in full disclosure

Advis ...

Metasploit Modules

Joomla 1.5.12 TinyBrowser File Upload Code Execution

This module exploits a vulnerability in the TinyMCE/tinybrowser plugin. This plugin is not secured in version 1.5.12 of Joomla and allows files to be uploaded to the remote server. By renaming the uploaded file, this vulnerability can be used to upload and execute code on the affected system.

msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show targets
    ...targets...
msf exploit(joomla_tinybrowser) > set TARGET <target-id>
msf exploit(joomla_tinybrowser) > show options
    ...show and set options...
msf exploit(joomla_tinybrowser) > exploit