CVE-2011-5148

Name of the Vulnerable Software and Affected Versions Joomla! mod simplefileupload module versions prior to 1.3.5

Description The issue allows remote attackers to execute arbitrary code by uploading a file with a php5, php6, or double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/. This has been exploited in the wild.

Recommendations For versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the images/ directory to minimize the risk of exploitation. Avoid using the mod simplefileupload module until the issue is resolved.