CVE-2007-4781

Name of the Vulnerable Software and Affected Versions: Joomla! versions 1.5 Beta1 through 1.5 RC1

Description: The issue allows remote authenticated administrators to upload arbitrary files to the tmp/ directory via the "Upload Package File" functionality in the installer component. This is accessible when com installer is the value of the option parameter in the administrator/index.php file.

Recommendations: For Joomla! versions 1.5 Beta1 through 1.5 RC1, consider disabling the "Upload Package File" functionality in the com installer component until a fix is available. Restrict access to the tmp/ directory to minimize the risk of exploitation. Avoid using the option parameter with the value of com installer in the administrator/index.php file until the issue is resolved.