• Project: Joomla!
  • Subproject: All
  • Severity: Low
  • Versions: 1.5.15 and all previous 1.5 releases
  • Exploit type: Code upload
  • Reported Date: 2009-Dec-30
  • Fixed Date: 2010-Apr-23

Description

The migration script in the Joomla! the installer does not check file type uploaded Being. If the installation application is present, an attacker Could use it to upload malicious files to a server.

Affected Installs

All 1.5.x installs prior to and Including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Nicola Bettini

Contact

The JSST at the Joomla! Security Center .