Scroll Top

Joomla vulnerability discovered

November 1, 2013

A vulnerability has been discovered in older versions of the Joomla! content management software that allow an authenticated attacker to upload active content through the media manager form (‘administrator/components/com_media/helpers/media.php’).

Joomla! allows files with a trailing ‘.’ to pass the upload checks.

Joomla versions 1.6 and greater allow site owners to grant public access to the media manager. For versions 1.5 and greater, the default configuration of Joomla only allows privileged users to access the media manager form. We are not aware if versions earlier than 1.5 are affected.

According to an advisory by the Joomla Security Center, the following versions are affected:

  • 2.5.13 and earlier 2.5.x versions
  • 3.1.4 and earlier 3.x versions

Solution

Apply an Update

  • Update to versions 2.5.14 or 3.1.5 or greater.

In addition, please consider the following workarounds:

Restrict Access

  • Apply the appropriate access controls to ensure that only authorized users may access the media manager.

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW
We respect your privacy.

Related Posts

Joomla 3.7.1 Security and bugfix release

Joomla! 3.7.1 is now available. This is a security release for the 3.x series of Joomla! which addresses one critical security vulnerability and several bug fixes. The security issue was found to be the result of inadequate filtering of requested data that lead to a SQL Injection vulnerability. We…

17 May 2017
Joomla 3.7.3 update fixes 3 vulnerabilities

Joomla! has released version 3.7.3 of its Content Management System (CMS) software that addresses several security issues. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. Join Our Online Security and Hosting Newsletter Today and stay updated with the latest news, updates,…

05 Jul 2017
Joomla! mod_banners script vulnerable up to version 3.9.1

A vulnerability was found in Joomla! that affects all versions from 2.5.0 to 3.9.1. The affected code is part of the mod_banners component. The manipulation with an unknown input leads to a cross site scripting vulnerability. Join Our Online Security and Hosting Newsletter Today and stay updated with the…

19 Jan 2019

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW
We respect your privacy.
close-link
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required
Privacy Policy Cookies Policy