Description

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

Remediation

References

CVE-2013-5576

Related Vulnerabilities

MediaWiki Incorrect Default Permissions Vulnerability (CVE-2011-4361)

WordPress Plugin bbPress Cross-Site Scripting (2.5.8)

WordPress Plugin oQey Gallery 'tbpv_domain' Parameter Cross-Site Scripting (0.2)

Joomla! Core 2.5.x Arbitrary File Upload (2.5.0 - 2.5.13)

WordPress Plugin Super CAPTCHA 'admin.php' SQL Injection (2.2.4)

Severity

Medium

Classification

CVE-2013-5576 CWE-20

Tags

Missing Update Known Vulnerabilities