Vulnerabilities > CVE-2011-5004 - Unspecified vulnerability in Fabrikar COM Fabrikar

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

fabrikar

joomla

NVD

Published: 2011-12-25

Updated: 2012-02-17

Summary

Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Vulnerable Configurations

Part	Description	Count
Application	Fabrikar Fabrikar COM Fabrikar 1.0.1 Fabrikar COM Fabrikar 1.0.6 Fabrikar COM Fabrikar 2.0.2 Fabrikar COM Fabrikar 2.0.4 Fabrikar COM Fabrikar 2.0.5 Fabrikar COM Fabrikar *	6
Application	Joomla Joomla Joomla! *	1

References

http://secunia.com/advisories/47036
http://www.ohloh.net/p/3417/commits/145749116
http://www.osvdb.org/77371
http://www.securityfocus.com/bid/50823
http://www.vulnerability-lab.com/get_content.php?id=342