Re: CVE-request for three 2009 Joomla issues

[Kurt Seifried <kseifried () redhat com>]

On 12/24/2011 05:27 PM, Henri Salo wrote:
> I didn't find CVE-identifiers for these issues:
>
> 1) Joomla! TinyMCE Editor Tiny Browser Plugin File Upload Arbitrary PHP Code Execution
> http://osvdb.org/show/osvdb/56276
> http://developer.joomla.org/security/news/301-20090722-core-file-upload.html

Please use CVE-2011-4906 for this issue.
> 2) Joomla! Missing JEXEC Check Weakness Path Disclosure
> http://osvdb.org/show/osvdb/56277
> http://developer.joomla.org/security/news/302-20090722-core-missing-jexec-check.html
Please use CVE-2011-4907 for this issue.
> 3) TinyBrowser Plugin for Joomla! upload.php folder Parameter Arbitrary File Upload
> http://osvdb.org/show/osvdb/64578
Please ue CVE-2011-4908 for this issue.

> Secunia advisory for three issues: http://secunia.com/advisories/35899/
>
> - Henri Salo


--

-Kurt Seifried / Red Hat Security Response Team