Vigil@nce - Joomla JoomLeague: PHP file upload
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can upload a malicious file on Joomla JoomLeague, in
order for example to upload a Trojan.
– Impacted products: Joomla Extensions
– Severity: 2/4
– Creation date: 04/11/2013
DESCRIPTION OF THE VULNERABILITY
The Joomla JoomLeague component uses Open Flash Chart.
However, an attacker can call the ofc_upload_image.php script, in
order to upload a PHP file on the server.
An attacker can therefore upload a malicious file on Joomla
JoomLeague, in order for example to upload a Trojan.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Joomla-JoomLeague-PHP-file-upload-13694