- Project: Joomla!
- Subproject: All
- Severity: Low
- Versions: 1.5.15 and all previous 1.5 releases
- Exploit type: Code upload
- Reported Date: 2009-Dec-30
- Fixed Date: 2010-Apr-23
Description
The migration script in the Joomla! the installer does not check file type uploaded Being. If the installation application is present, an attacker Could use it to upload malicious files to a server.
Affected Installs
All 1.5.x installs prior to and Including 1.5.15 are affected.
Solution
Upgrade to the latest Joomla! version (1.5.16 or later)
Reported by Nicola Bettini
Contact
The JSST at the Joomla! Security Center .