Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:PHP:JOOMLA-JCE-FILE-UPLOAD |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Joomla JCE Editor File Upload |
Release Date |
2013/01/18 |
Update Number |
2226 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Joomla JCE Editor File Upload
This signature detects attempts to exploit a known vulnerability in the Joomla JCE Editor. By supplying a maliciously crafted file upload request to a php script, attackers can cause files to be uploaded to an arbitrary location, possibly leading to script execution.
Extended Description
The JCE component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Versions prior to JCE component 2.1.0 are vulnerable.
Affected Products
- Joomla jce 2.0.10
- Joomla jce 2.0.17
- Joomla jce 2.0.18
- Joomla jce 2.0.19
- Joomla jce 2.0.21
References
- BugTraq: 51002
- CVE: CVE-2012-2902
- URL: http://www.joomlacontenteditor.net/
- URL: http://secunia.com/secunia_research/2012-15/