[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-4781

Date: (C)2007-09-10   (M)2017-10-04
 
CVSS Score: 6.6Access Vector: NETWORK
Exploitability Subscore: 3.9Access Complexity: HIGH
Impact Subscore: 9.2Authentication: SINGLE_INSTANCE
 Confidentiality: NONE
 Integrity: COMPLETE
 Availability: COMPLETE











administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.

Reference:
BID-25508
EXPLOIT-DB-4350
OSVDB-45888
joomla-admin-index-file-upload(36424)

CWE    1
CWE-20

© 2013 SecPod Technologies