CVE-2007-4781

Sažetak

administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.

Reference

http://osvdb.org/45888
http://www.securityfocus.com/bid/25508
https://exchange.xforce.ibmcloud.com/vulnerabilities/36424
https://www.exploit-db.com/exploits/4350

CVSS

Base:	6.6
Impact:	9.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:H/Au:S/C:N/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:29

Objavljeno

10-09-2007 - 21:17