Vulners
Lucene search
JomSocial 1.8.8 Shell Upload Vulnerability
There is a file upload vulnerability in version 1.8.8 and earlier of
JomSocial, the popular community extension for Joomla!.
Successful exploitation of this exploit requires the site to be
configured to allow users to upload video files directly, which is
disabled by default. If this feature is enabled, any file uploaded via
the "add video" upload form will end up in
http://[victim]/images/originalvideos/[your account's user id]/[unique
file name]. This folder is not protected with an index, so if indexes
are allowed retrieving the shell's filename is trivial.
Listed on the JomSocial Changelog as "BUG: 4495"
<http://www.jomsocial.com/docs/Change_Log#Version_1.8.9>
Timeline
* Vulnerabilities Discovered: 26 September 2010
* Vendor Notified: 27 September 2010
* Vendor Response: 27 September 2010
* Update Available: 28 September 2010
* Disclosure: 30 September 2010
http://jeffchannell.com/Joomla/jomsocial-188-shell-upload-vulnerability.html
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1