⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2013-5576: Improper Input Validation in Joomla!

Severity: 6.8 MEDIUM (NVD)
EPSS: 52.1% (top 2.08%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Oct 9
Latest update: May 17

Description

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: joomla/joomla_! (24 versions, +23)

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-57fx-rj36-27v4: administrator/components/com_media/helpers/media (2022-05-17)
CVEList: CVE-2013-5576: administrator/components/com_media/helpers/media (2013-10-09)
VulnCheck: Joomla! Joomla! Improper Input Validation (2013)

💥 Exploits & PoCs (2)

Exploit-DB: Joomla! Component Media Manager - Arbitrary File Upload (Metasploit) (2013-08-15)
Metasploit: Joomla Media Manager File Upload Vulnerability
CVE-2013-5576 — Improper Input Validation in Joomla! | cvebase