OpenCVE

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomla	Joomla\!
Widgetfactorylimited	Com Jce

Configuration 1 [-]

AND

OR	cpe:2.3:a:widgetfactorylimited:com_jce::::::::
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.0:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.1:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.2:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.3:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.4:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.5:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.6:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.7:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.8:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.9:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.10:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.11:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.12:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.13:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.14:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.15:::::::*
	cpe:2.3:a:widgetfactorylimited:com_jce:2.0.16:::::::*

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/47190
http://www.joomlacontenteditor.net/news/item/jce-2018-released?category_id=32
http://www.osvdb.org/77579

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-08-30T22:00:00Z

Updated: 2024-09-16T18:17:48.313Z

Reserved: 2012-08-30T00:00:00Z

Link: CVE-2011-5134

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-30T22:55:04.387

Modified: 2024-11-21T01:33:43.300

Link: CVE-2011-5134

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object