vendor:
Expose
by:
N/A
CVSS
HIGH
Remote Permission Bypass/Arbitrary File Upload
CWE
Product Name: Expose
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Joomla Component Expose <= RC35 Remote Permission Bypass/Arbitrary File Upload Vulnerability
The Joomla component Expose <= RC35 has a vulnerability that allows for remote permission bypass and arbitrary file upload. The vulnerable file is /com_expose/uploadimg.php. The target_path variable is set to ../../../components/com_expose/expose/img/. If the uploaded file does not have a .jpg extension, an alert is displayed. An attacker can upload a PHP shell using the link http://site.com/administrator/components/com_expose/uploadimg.php. The shell file can be found at http://site.com/components/com_expose/expose/img/
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of the Joomla component Expose. Additionally, access to the uploadimg.php file should be restricted to authorized users only.