PT-2020-7883 · Joomla · Jce Joomla
Fábio Pires
+2
·
Published
2020-03-09
·
Updated
2020-03-10
·
CVE-2015-7339
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
JCE Joomla Component versions 2.5.0 through 2.5.2
Description:
The issue allows arbitrary file upload via a .php file extension for an image file to the "/com jce/editor/libraries/classes/browser.php" script.
Recommendations:
For versions 2.5.0 through 2.5.2, consider disabling the upload functionality in the browser.php script until a patch is available.
Restrict access to the /com jce/editor/libraries/classes/browser.php script to minimize the risk of exploitation.
Avoid using the .php file extension for image files in the affected JCE Joomla Component versions until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jce Joomla