oss-sec mailing list archives
Re: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5
From: cve-assign () mitre org
Date: Sat, 24 Aug 2013 10:46:33 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html Code commit 2.5: https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8 Code commit 3.1: https://github.com/joomla/joomla-cms/commit/1ed07e257a2c0794ba19e864f7c5101e7e8c41d2 Issue also exists in 1.5 (end of life): http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626 Exploit in the wild: https://github.com/rapid7/metasploit-framework/pull/2219 http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites/
Here, the CVE abstraction for the main issue seems clear, so we are assigning: CVE-2013-5576 - incomplete validation of $format in media.php in Joomla! 1.5.x (before a certain unofficial patch), 2.x before 2.5.14, and 3.x before 3.1.5 The above tracker_item_id=31626 reference has other statements about 1.5.x security that might (or might not) be assigned other CVEs later. For example: Adddate: 2013-08-01 16:35:29 There seems, though, to be at least one more problem with the "media.php" file: the "defined('_JEXEC') or die('Restricted access')" execution protection is missing. (The security relevance of this is disputed later in the same item.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSGMUOAAoJEGvefgSNfHMdeuYH/3SpoMD4tUKNCNgkeY5zaRwo Aw+dC/sfXt1KIDKCR6jX3nyxdZdcPjUs9dgdZtFYd1uQl9sj+Y67hCUyD16KZ3p+ rCkNidGl6X3RYPpERmzsNd4N9ty51ZmeK5Q7cISXGEXIKcaWnxX/fHyr/fN8boIb +GwqvNHdBZTgTE5kmo8wpAGVCA7VaXgdGAXAWLqLJ4ADGumJAiaG8s5f6xuQcOgk 3B7AET8ms3qAbbDv/1BnYBXGOHOAHRN0uqjHgS0gBrEaSVxBFusrCr/9IzLn1w+e NLmQdN2QfbSc6IXvp8LydMGaNQtv6E9cmH12wrakwi1EVfE28MlgOgcvYQSYQck= =763k -----END PGP SIGNATURE-----
Current thread:
- CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5 Hanno Böck (Aug 24)
- Re: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5 cve-assign (Aug 24)