• Project: Joomla!
  • Subproject: All
  • Severity: Low
  • Versions: 1.5.15 and all previous 1.5 releases
  • Exploit type: Code upload
  • Reported Date: 2009-Dec-30
  • Fixed Date: 2010-Apr-23


The migration script in the Joomla! the installer does not check file type uploaded Being. If the installation application is present, an attacker Could use it to upload malicious files to a server.

Affected Installs

All 1.5.x installs prior to and Including 1.5.15 are affected.


Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Nicola Bettini


The JSST at the Joomla! Security Center .

Questo pagina è disponibile anche in: Dutch French German Italian Spanish

Leave a Reply