- Core - Installer Migration Script
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.5.15 and all previous 1.5 releases
- Exploit type: Code upload
- Reported Date: 2009-Dec-30
- Fixed Date: 2010-Apr-23
The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server.
All 1.5.x installs prior to and including 1.5.15 are affected.
Upgrade to the latest Joomla! version (1.5.16 or later).
Reported by Nicola Bettini
The JSST at the Joomla! Security Center.
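A local audit for the two conditions this advisory names, an affected 1.5 release and a leftover installer, written as an added example (not code from the Joomla! project). It assumes the version is stored in `libraries/joomla/version.php` and the installer sits in `installation/` under the site root; `make_sample_site` builds constructed test trees only.

```python
import re
import tempfile
from pathlib import Path

# Assumptions (not from the advisory): Joomla! 1.5 records its version in
# libraries/joomla/version.php as `var $RELEASE = '1.5';` / `var $DEV_LEVEL = '15';`
# and the web installer lives in installation/ under the site root.
VERSION_FILE = Path("libraries/joomla/version.php")
INSTALLER_DIR = "installation"
LAST_AFFECTED = 15  # 1.5.15 is the last affected release per the advisory

def read_version(site_root):
    """Return (release, dev_level) or None when the file is missing or unparseable."""
    try:
        text = (Path(site_root) / VERSION_FILE).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None
    fields = dict(re.findall(r"\$(RELEASE|DEV_LEVEL)\s*=\s*'([^']*)'", text))
    if "RELEASE" not in fields or not fields.get("DEV_LEVEL", "").isdigit():
        return None
    return fields["RELEASE"], int(fields["DEV_LEVEL"])

def audit_site(site_root):
    """Classify one site root: exposed, remove-installer, upgrade, unknown or ok."""
    version = read_version(site_root)
    installer = (Path(site_root) / INSTALLER_DIR).is_dir()
    affected = None if version is None else (version[0] == "1.5" and version[1] <= LAST_AFFECTED)
    if installer:
        # Affected version plus a present installer is the advisory's condition.
        return "exposed" if affected else "remove-installer"
    if affected is None:
        return "unknown"
    return "upgrade" if affected else "ok"

def make_sample_site(root, dev_level, with_installer):
    """Build a constructed (fake) Joomla! 1.5 tree for demonstration."""
    vfile = Path(root) / VERSION_FILE
    vfile.parent.mkdir(parents=True, exist_ok=True)
    vfile.write_text("<?php\nclass JVersion {\n\tvar $RELEASE = '1.5';\n"
                     f"\tvar $DEV_LEVEL = '{dev_level}';\n}}\n", encoding="utf-8")
    if with_installer:
        (Path(root) / INSTALLER_DIR).mkdir(exist_ok=True)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, level, inst in [("a", 15, True), ("b", 15, False), ("c", 16, True), ("d", 16, False)]:
            site = make_sample_site(Path(tmp) / name, level, inst)
            print(name, read_version(site), audit_site(site))
```

A result of `remove-installer` on a fixed or unidentified version still means the installation application is present on the server and should be deleted.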