#VU12985 Unrestricted upload of file with dangerous type in Joomla! - CVE-2018-11322

 


Published: May 22, 2018 / Updated: May 23, 2018


Vulnerability identifier: #VU12985
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-11322
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Joomla!
Software vendor:
Joomla!

Description

The vulnerability allows a remote attacker to upload dangerous files to the server.

The vulnerability exists because the web application allows uploading of PHAR files, which certain web server configurations treat as executable PHP files. A remote attacker can upload a PHAR file and execute arbitrary PHP code on the target system.
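Whether a given server is one of the configurations that treat PHAR files as PHP can be checked from its handler directives. The following is an added example, not part of the advisory or of Joomla!; it assumes Apache httpd directive syntax, and the function name, probe filename and sample configuration are constructed for illustration.

```python
import re

PROBE = "upload.phar"  # hypothetical name; any file ending in .phar would do
SAMPLE_CONF = r"""# constructed Apache configuration, not from a real server
<FilesMatch ".+\.ph(ar|p|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
AddType application/x-httpd-php .php .phar
AddHandler php-script .php
"""

FM_OPEN = re.compile(r'<FilesMatch\s+"?([^">]+)"?\s*>', re.I)
FM_CLOSE = re.compile(r"</FilesMatch\s*>", re.I)
# Assumption: a handler or MIME type is PHP-related if its name contains "php".
PHP_DIRECTIVE = re.compile(r"(SetHandler|AddHandler|AddType)\s+(\S*php\S*)(.*)$", re.I)


def find_phar_execution(conf_text):
    """Return (line_no, line) for each directive that hands .phar files to PHP."""
    findings, scope = [], None  # scope: regex of the enclosing <FilesMatch>
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()  # .match() anchors at line start, so "#" comments never hit
        opened = FM_OPEN.match(line)
        if opened:
            try:
                scope = re.compile(opened.group(1))
            except re.error:
                scope = None  # pattern Python cannot parse: review by hand
            continue
        if FM_CLOSE.match(line):
            scope = None
            continue
        hit = PHP_DIRECTIVE.match(line)
        if hit is None:
            continue
        if hit.group(1).lower() == "sethandler":
            matched = scope is not None and bool(scope.search(PROBE))
        else:  # AddHandler / AddType name the extensions they apply to
            matched = "phar" in {e.lstrip(".").lower() for e in hit.group(3).split()}
        if matched:
            findings.append((line_no, line))
    return findings


if __name__ == "__main__":
    print(find_phar_execution(SAMPLE_CONF))
```

Any directive it reports means an uploaded `.phar` file in a web-accessible directory would be run as PHP; `SetHandler` lines outside a `<FilesMatch>` block are not evaluated and need manual review.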

Remediation

Update to version 3.8.8.

External links