Affected version: JomSocial JomSocial < 1.8.9 vulnerability description: Joomla! Is an open source content management system CMS to.
Joomla! JomSocialy Assembly on the realization of the presence of design vulnerabilities, a remote attacker could exploit this vulnerability to upload arbitrary files to the Web directory, The final result in the server executing arbitrary commands.
The software does not properly restrict file uploads, an attacker can upload a PHP code file to execute arbitrary commands. Exploiting this vulnerability requires the system to open a direct video upload function and allows the column directory.
<reference <http://jeffchannell.com/Joomla/jomsocial-188-shell-upload-vulnerability.html> >
JomSocial --------- The current vendors have in 1. 8. 9 and later versions of the software fixes this security issue, please go to the manufacturers home page download: