|Date: (C)2007-09-10 (M)2017-10-04|
|CVSS Score: 6.6||Access Vector: NETWORK|
|Exploitability Subscore: 3.9||Access Complexity: HIGH|
|Impact Subscore: 9.2||Authentication: SINGLE_INSTANCE|
| ||Confidentiality: NONE|
| ||Integrity: COMPLETE|
| ||Availability: COMPLETE|
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.