Vulnerabilities > CVE-2012-2902 - Unspecified vulnerability in Ryan Demmer Joomla Content Editor 2.0

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

ryan-demmer

joomla

NVD

Published: 2012-05-21

Updated: 2017-08-29

Summary

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht. Per: http://cwe.mitre.org/data/definitions/434.html 'Unrestricted Upload of File with Dangerous Type'

Vulnerable Configurations

Part	Description	Count
Application	Ryan_Demmer Ryan Demmer Joomla Content Editor 2.0 Ryan Demmer Joomla Content Editor *	2
Application	Joomla Joomla Joomla! *	1

References

http://osvdb.org/81980
http://secunia.com/advisories/49206
http://secunia.com/secunia_research/2012-15/
http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32
http://www.securityfocus.com/bid/51002
https://exchange.xforce.ibmcloud.com/vulnerabilities/75671