Joomla! JomSocial component arbitrary file upload vulnerability and fix-vulnerability warning-the black bar safety net

2010-10-14T00:00:00
ID MYHACK58:62201028101
Type myhack58
Reporter 佚名
Modified 2010-10-14T00:00:00

Description

Affected version: JomSocial JomSocial < 1.8.9 vulnerability description: Joomla! Is an open source content management system CMS to.

Joomla! JomSocialy Assembly on the realization of the presence of design vulnerabilities, a remote attacker could exploit this vulnerability to upload arbitrary files to the Web directory, The final result in the server executing arbitrary commands.

The software does not properly restrict file uploads, an attacker can upload a PHP code file to execute arbitrary commands. Exploiting this vulnerability requires the system to open a direct video upload function and allows the column directory.

<reference <http://jeffchannell.com/Joomla/jomsocial-188-shell-upload-vulnerability.html> >

Manufacturers patch:

JomSocial --------- The current vendors have in 1. 8. 9 and later versions of the software fixes this security issue, please go to the manufacturers home page download:

<http://www.jomsocial.com/>