CVE-2007-3932

Name of the Vulnerable Software and Affected Versions: Joomla! com expose component versions prior to RC35

Description: The issue allows remote attackers to upload and execute arbitrary PHP code in the img/ folder. This is possible because the uploadimg.php file in the com expose component for Joomla! does not properly handle attempts to upload non-JPEG files, sending an error message but failing to exit the process.

Recommendations: For versions prior to RC35, update to a version that includes a fix for this issue to prevent the upload and execution of arbitrary PHP code. As a temporary workaround, consider restricting access to the uploadimg.php file or the img/ folder to minimize the risk of exploitation.