Joomla Component [com_pinboard] Remote File Upload Vulnerability
A vulnerability exists in Joomla Component [com_pinboard] which allows an attacker to upload a malicious file on the target system. The attacker can exploit this vulnerability by using the following two URLs: 1-target.com/[path]/components/com_pinboard/popup/popup.php?option=showupload or 2-target.com/[path]/index2.php?option=com_pinboard&Itemid=117&action=popup%22&action=popup&task=uploadForm. After clicking on the photo in the top left corner, the attacker can upload a malicious file such as a shell.php.jpg and confirm it. The malicious file can then be accessed at target.com/[path]/images/stories/pinboard/picture/[name your shell].php.jpg or target.com/[path]/strona/components/com_pinboard/pictures/[name your shell].php.jpg