Published: 31/08/2012 Updated: 29/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module prior to 1.3.5 for Joomla! allow remote malicious users to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wasen mod_simplefileupload 1.0
wasen mod_simplefileupload
wasen mod_simplefileupload 1.1

<?PHP /* -------------------------------------------------------------------------------- Title: Simple File Upload v13 (module for joomla) Remote Code Execution Exploit -------------------------------------------------------------------------------- Author: gmda Google Dork:"Simple File Upload v ...

NVD-CWE-Other http://www.exploit-db.com/exploits/18287 http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload_1.3 http://www.securityfocus.com/bid/51234 http://www.osvdb.org/78122 http://www.securityfocus.com/bid/51214 http://secunia.com/advisories/47370 http://wasen.net/index.php?option=com_content&view=article&id=87&Itemid=59 https://exchange.xforce.ibmcloud.com/vulnerabilities/72023 https://nvd.nist.gov https://www.exploit-db.com/exploits/18287/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-5148

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect