Joomla! Developer Network

  • Project: Joomla!
  • SubProject: All
  • Severity: Critical
  • Versions: 2.5.13 and earlier 2.5.x versions. 3.1.4 and earlier 3.x versions.
  • Exploit type: Unauthorised Uploads
  • Reported Date: 2013-June-25
  • Fixed Date: 2013-July-31
  • CVE Number: Pending

Description

Inadequate filtering leads to the ability to bypass file type upload restrictions.

Affected Installs

Joomla! version 2.5.13 and earlier 2.5.x versions; and version 3.1.4 and earlier 3.x versions.

Solution

Upgrade to version 2.5.14 or 3.1.5.

Contact

The JSST at the Joomla! Security Center.

Reported By: Versafe

Current Release

Legacy Release

Note: View known compatibility Issues

Current Release: 1.1.0

Upcoming Release: 1.2

Joomla! Reading

Joomla! Programming

Joomla! Programming

Mark Dexter & Louis Landry
Joomla! Templates

Joomla! Templates

Angie Radtke