Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2012-2902
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-21 May, 2012 | 18:55
Updated At-11 Apr, 2025 | 00:51

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.0MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Primary2.06.0MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
CPE Matches
ryan_demmer
ryan_demmer
>>joomla_content_editor>>Versions up to 2.0.21(inclusive)
cpe:2.3:a:ryan_demmer:joomla_content_editor:*:*:*:*:*:*:*:*
ryan_demmer
ryan_demmer
>>joomla_content_editor>>2.0
cpe:2.3:a:ryan_demmer:joomla_content_editor:2.0:*:*:*:*:*:*:*
Joomla!
joomla
>>joomla\!>>*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
Evaluator Description
Per: http://cwe.mitre.org/data/definitions/434.html 'Unrestricted Upload of File with Dangerous Type'
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/81980cve@mitre.org
N/A
http://secunia.com/advisories/49206cve@mitre.org
Vendor Advisory
http://secunia.com/secunia_research/2012-15/cve@mitre.org
Vendor Advisory
http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32cve@mitre.org
N/A
http://www.securityfocus.com/bid/51002cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/75671cve@mitre.org
N/A
http://osvdb.org/81980af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/49206af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/secunia_research/2012-15/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/51002af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/75671af854a3a-2127-422b-91ae-364da2661108
N/A
Change History
0Changes found
Details not found