PT-2012-2112 · Joomla · Jce
Published: 2012-08-30 · Updated: 2012-09-13 · CVE-2011-5134
CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
JCE component versions prior to 2.0.18 for Joomla!
Description
The issue allows remote authenticated users with author privileges to execute arbitrary PHP code by uploading a file with a double extension. This can be achieved by uploading a file such as .php.gif.
Recommendations
For JCE component versions prior to 2.0.18, update to version 2.0.18 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or disabling the file.php extension in the JCE component to minimize the risk of exploitation.
Fix
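An upload file name check that rejects the double-extension pattern from the description, given here as an added example; it is not JCE's code and not the change made in 2.0.18. The function name `check_upload_name` and both extension lists are assumptions.

```php
<?php
// Added example, not JCE code. Both lists are assumptions; adjust to the site.
const ALLOWED_FINAL_EXT = ['gif', 'jpg', 'jpeg', 'png'];
const EXECUTABLE_EXT    = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phar', 'cgi', 'pl'];

/**
 * Returns [bool accepted, string reason] for a client-supplied file name.
 * A check on the last extension alone accepts "file.php.gif"; here every
 * dot-separated segment after the stem is checked as well.
 */
function check_upload_name(string $name): array
{
    // Keep only the last path component of what the client sent.
    $base = basename(str_replace('\\', '/', $name));
    if ($base === '' || strpos($base, "\0") !== false) {
        return [false, 'empty name or NUL byte'];
    }
    $segments = explode('.', strtolower($base));
    if (count($segments) < 2) {
        return [false, 'no extension'];
    }
    $final = array_pop($segments);
    if (!in_array($final, ALLOWED_FINAL_EXT, true)) {
        return [false, "final extension '$final' is not allowed"];
    }
    // $segments[0] is the stem (empty for names that start with a dot).
    foreach (array_slice($segments, 1) as $inner) {
        if (in_array($inner, EXECUTABLE_EXT, true)) {
            return [false, "inner extension '$inner' is executable"];
        }
    }
    return [true, 'ok'];
}

// Constructed sample names, including the one from the description.
foreach (['photo.gif', '.php.gif', 'file.php.gif', 'Shell.PHP.Gif', 'file.php', 'notes.v2.png'] as $n) {
    [$ok, $why] = check_upload_name($n);
    printf("%-14s %s (%s)\n", $n, $ok ? 'accept' : 'reject', $why);
}
```

A name check is one layer only; serving the upload directory from a location where the web server does not execute scripts removes the dependence on how extensions are mapped to handlers.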
Related identifiers
Affected products
Jce