The weakness was disclosed 08/01/2013 by Jens Hinrichsen.
Vulnerability details
Advisory: SB2013072501 - Arbitrary file upload in Joomla!
Vulnerable component: Joomla!
CVE-ID: CVE-2013-5576
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type
Description:
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.
The weakness exists due to improper validation of file extensions by the media.php and index.php scripts. A remote attacker can create a specially crafted HTTP request, upload a malicious PHP script and execute arbitrary PHP code.
Successful exploitation of the vulnerability results in arbitrary PHP code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Public Exploits:
External links:
https://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_...
http://www.kb.cert.org/vuls/id/639620
http://niiconsulting.com/checkmate/2013/08/critical-joomla-file-upload-vulnerability/
https://blog.sucuri.net/2013/08/joomla-media-manager-attacks-in-the-wild.html
http://holisticinfosec.blogspot.com/2013/10/joomla-vulnerabilities-responsible.htm