Zero-day vulnerability in Joomla!

The weakness was disclosed 08/01/2013 by Jens Hinrichsen.

Advisory: SB2013072501 - Arbitrary file upload in Joomla!

Vulnerable component: Joomla!

CVE-ID: CVE-2013-5576

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Description:

The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.

The weakness exists due to improper validation of file extensions by the media.php and index.php scripts. A remote attacker can create a specially crafted HTTP request, upload a malicious PHP script and execute arbitrary PHP code.

Successful exploitation of the vulnerability results in arbitrary PHP code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

- Joomla! Component Media Manager - Arbitrary File Upload (Metasploit) [Exploit-DB]

External links:

https://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_...
http://www.kb.cert.org/vuls/id/639620
http://niiconsulting.com/checkmate/2013/08/critical-joomla-file-upload-vulnerability/
https://blog.sucuri.net/2013/08/joomla-media-manager-attacks-in-the-wild.html
http://holisticinfosec.blogspot.com/2013/10/joomla-vulnerabilities-responsible.htm