ID:1729 - Exploit for Arbitrary file upload in Joomla! - CVE-2013-5576
Published: March 18, 2020
Vulnerability identifier: #VU4605
Vulnerability risk: Critical
CVE-ID: CVE-2013-5576
CWE-ID: CWE-434
Exploitation vector: Remote access
Vulnerable software:
Joomla!
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.
The weakness exists due to improper validation of file extensions by the media.php and index.php scripts. A remote attacker can create a specially crafted HTTP request, upload a malicious PHP script and execute arbitrary PHP code.
Successful exploitation of the vulnerability results in arbitrary PHP code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Remediation
Update to version 2.5.14 or 3.1.5.