Vulnerability Details : CVE-2013-5576
Public exploit exists!
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
Vulnerability category: Input validation
Products affected by CVE-2013-5576
- cpe:2.3:a:joomla:joomla\!:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.1.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5576
77.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-5576
-
Joomla Media Manager File Upload Vulnerability
Disclosure Date: 2013-08-01First seen: 2020-04-26exploit/unix/webapp/joomla_media_upload_execThis module exploits a vulnerability found in Joomla 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4 versions. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code exe
CVSS scores for CVE-2013-5576
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-5576
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5576
-
http://www.exploit-db.com/exploits/27610
Joomla! Component Media Manager - Arbitrary File Upload (Metasploit) - PHP remote ExploitExploit
-
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626
[#31626] - Unauthorized file upload security issue
-
https://github.com/joomla/joomla-cms/commit/1ed07e257a2c0794ba19e864f7c5101e7e8c41d2
Prepare 3.1.5 release · joomla/joomla-cms@1ed07e2 · GitHub
-
http://seclists.org/oss-sec/2013/q3/484
oss-sec: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5
-
http://www.kb.cert.org/vuls/id/639620
VU#639620 - Joomla! Media Manager allows arbitrary file upload and executionUS Government Resource
-
https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8
Prepare 2.5.14 release · joomla/joomla-cms@fa56452 · GitHubExploit;Patch
-
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites/
Joomla patches file manager vulnerability responsible for hijacked websites - CSO | The Resource for Data Security Executives
-
http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
[20130801] - Core - Unauthorised Uploads
-
http://seclists.org/oss-sec/2013/q3/486
oss-sec: Re: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5
Jump to