CVE-2006-4471

Joomla! < 1.0.11 - Unrestricted File Upload

Title source: rule

Description

The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.

References (5)

[Third Party Advisory] http://secunia.com/advisories/21666

[Vendor Advisory] http://www.joomla.org/content/view/1841/78/

[Vendor Advisory] http://www.joomla.org/content/view/1843/74/

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3408

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28630

Scores

EPSS 0.0010

EPSS Percentile 26.7%

Classification

CWE

CWE-434

Status draft

Affected Products (1)

joomla/joomla\! < 1.0.11

Timeline

Published Aug 31, 2006

Tracked Since Feb 18, 2026