Vulnerabilities > CVE-2012-2902 - Unspecified vulnerability in Ryan Demmer Joomla Content Editor 2.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht. Per: http://cwe.mitre.org/data/definitions/434.html 'Unrestricted Upload of File with Dangerous Type'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
Application | 1 |