Vulnerability Name:

CVE-2013-5576 (CCN-86161)

Assigned:2013-07-31
Published:2013-07-31
Updated:2013-12-01
Summary:administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.0 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2013-5576

Source: CONFIRM
Type: UNKNOWN
http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html

Source: CCN
Type: Joomla! Developer Network Web site
[20130801] - Core - Unauthorised Uploads

Source: MISC
Type: UNKNOWN
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626

Source: MLIST
Type: UNKNOWN
[oss-security] 20130824 CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5

Source: MLIST
Type: UNKNOWN
[oss-security] 20130824 Re: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5

Source: CCN
Type: SA54326
Joomla! Arbitrary File Upload Vulnerability

Source: MISC
Type: UNKNOWN
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites/

Source: EXPLOIT-DB
Type: Exploit
27610

Source: CCN
Type: Joomla! Web Site
Joomla!

Source: CCN
Type: US-CERT VU#639620
Joomla! Media Manager allows arbitrary file upload and execution

Source: CERT-VN
Type: US Government Resource
VU#639620

Source: CCN
Type: BID-61582
Joomla! 'media.php' Arbitrary File Upload Vulnerability

Source: XF
Type: UNKNOWN
joomla-mediamanager-media-file-upload(86161)

Source: CONFIRM
Type: UNKNOWN
https://github.com/joomla/joomla-cms/commit/1ed07e257a2c0794ba19e864f7c5101e7e8c41d2

Source: CONFIRM
Type: Exploit, Patch
https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8

Source: CCN
Type: Packet Storm Security [08-14-2013]
Joomla Media Manager File Upload Vulnerability

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-15-2013]

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]
Joomla Media Manager File Upload Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:joomla:joomla!:2.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.11:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.12:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:2.5.13:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:joomla:joomla!:3.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:3.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:joomla:joomla!:3.1.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    joomla joomla! 2.5.0
    joomla joomla! 2.5.1
    joomla joomla! 2.5.2
    joomla joomla! 2.5.3
    joomla joomla! 2.5.4
    joomla joomla! 2.5.5
    joomla joomla! 2.5.6
    joomla joomla! 2.5.7
    joomla joomla! 2.5.8
    joomla joomla! 2.5.9
    joomla joomla! 2.5.10
    joomla joomla! 2.5.11
    joomla joomla! 2.5.12
    joomla joomla! 2.5.13
    joomla joomla! 3.0.0
    joomla joomla! 3.0.1
    joomla joomla! 3.0.2
    joomla joomla! 3.0.3
    joomla joomla! 3.0.4
    joomla joomla! 3.1.0
    joomla joomla! 3.1.1
    joomla joomla! 3.1.2
    joomla joomla! 3.1.3
    joomla joomla! 3.1.4