Full title: Joomla Component com_jce remote Code Injecion / Execution Exploit (perl) 
Category: web applications
Platform: php
JCE component for Joomla! could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the file.php script. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.

Remedy:

Upgrade to the latest version of JCE component for Joomla! (2.1.0 or later), available from the Joomla! Web site. See References.

Platforms Affected:

    Joomla! JCE component for Joomla! 2.0.21
    Joomla! Joomla!

# 0day.today @ http://0day.today/