CVE-2007-4781

Joomla - Improper Input Validation

Title source: rule

Description

administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Silentz · phpwebappsphp

https://www.exploit-db.com/exploits/4350

View Code ZIP pw:eip

References (4)

[Exploit, Patch] http://www.securityfocus.com/bid/25508

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36424

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4350

[Third Party Advisory, VDB Entry] http://osvdb.org/45888

Scores

EPSS 0.0012

EPSS Percentile 30.8%

Details

CWE

CWE-20

Status published

Products (3)

joomla/joomla 1.5.0_beta1

joomla/joomla 1.5.0_beta2

joomla/joomla 1.5.0_rc1

Published Sep 10, 2007

Tracked Since Feb 18, 2026