oss-sec mailing list archives
CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5
From: Hanno Böck <hanno () hboeck de>
Date: Sat, 24 Aug 2013 14:48:13 +0200
Joomla 2.5.14 and 3.1.5 releases fix a security issue:
http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29

It says "CVE Number: Pending", maybe they already requested a CVE themselves.

Code commit 2.5:
https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8

Code commit 3.1:
https://github.com/joomla/joomla-cms/commit/1ed07e257a2c0794ba19e864f7c5101e7e8c41d2

Issue also exists in 1.5 (end of life):
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626

Exploit in the wild:
https://github.com/rapid7/metasploit-framework/pull/2219
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites/

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
Current thread:
- CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5 Hanno Böck (Aug 24)
- Re: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5 cve-assign (Aug 24)