Vigil@nce - Joomla K2: read-write access
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can bypass access restrictions of Joomla K2, in
order to read or alter data.
Impacted products: Joomla Extensions (not comprehensive).
Severity: 1/4.
Creation date: 30/11/2015.
DESCRIPTION OF THE VULNERABILITY
The K2 extension can be installed on Joomla.
However, an attacker can bypass access restrictions to data,
because the thumbnails directory has the 0777 mode.
A local attacker can therefore bypass access restrictions of
Joomla K2, in order to read or alter data.
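One way to check a host for the condition described above, as an added
example that is not part of the Vigil@nce bulletin or the K2 project. The
site path is a placeholder, because the bulletin does not give the location
of the thumbnails directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find and close directories that every local account can
# write to (the 0777 condition the bulletin describes).
# Assumption: the web server account owns the tree or reaches it through
# the group bits, so dropping the "other" write bit does not break uploads.

# List directories under $1 whose "other" write bit is set.
# Sticky-bit directories are labelled separately: sticky blocks deleting
# other users' files but still lets any local account create new ones.
list_world_writable_dirs() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d -perm -0002 ! -perm -1000 -print | sed 's/^/OPEN   /'
    find "$root" -type d -perm -0002 -perm -1000 -print | sed 's/^/STICKY /'
}

# Remove the "other" write bit from every directory the audit reports,
# leaving owner and group permissions untouched (0777 becomes 0775).
close_world_writable_dirs() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d -perm -0002 -exec chmod o-w {} +
}

# Usage (placeholder path, run as the owner of the tree or as root):
#   list_world_writable_dirs /path/to/joomla/site
#   close_world_writable_dirs /path/to/joomla/site
```

Run the listing first and review it before closing anything, since an
extension update or reinstall may recreate the directory with the same mode.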
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Joomla-K2-read-write-access-18401