- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.5.15 and all previous 1.5 releases
- Exploit type: Code upload
- Reported Date: 2009-Dec-30
- Fixed Date: 2010-Apr-23
Description
The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server.
Affected Installs
All 1.5.x installs prior to and including 1.5.15 are affected.
Solution
Upgrade to the latest Joomla! version (1.5.16 or later)
Contact
The JSST at the Joomla! Security Centre.
Reported By: Nicola Bettini