Vulnerability Description
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomla | Joomla\! | >= 1.5.0, <= 1.5.15 |
Related Weaknesses (CWE)
References
- https://developer.joomla.org/security-centre/310-20100423-core-installer-migratiVendor Advisory
- https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upThird Party Advisory
- https://developer.joomla.org/security-centre/310-20100423-core-installer-migratiVendor Advisory
- https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upThird Party Advisory
FAQ
What is CVE-2010-1433?
CVE-2010-1433 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to ...
How severe is CVE-2010-1433?
CVE-2010-1433 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2010-1433?
Check the references section above for vendor advisories and patch information. Affected products include: Joomla Joomla\!.