CVE-2013-5576

EXPLOITED IN THE WILD

Joomla! <2.5.14, <3.1.5 - Auth Bypass

Description

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/27610

metasploit · WORKING POC · EXCELLENT
by Jens Hinrichsen, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/joomla_media_upload_exec.rb

Scores

EPSS 0.5212
EPSS Percentile 97.9%

Details

VulnCheck KEV 2013-10-09
InTheWild.io 2013-12-01
CWE CWE-20
Status published
Products (24)
joomla/joomla\! 2.5.0
joomla/joomla\! 2.5.1
joomla/joomla\! 2.5.2
joomla/joomla\! 2.5.3
joomla/joomla\! 2.5.4
joomla/joomla\! 2.5.5
joomla/joomla\! 2.5.6
joomla/joomla\! 2.5.7
joomla/joomla\! 2.5.8
joomla/joomla\! 2.5.9
... and 14 more
Published Oct 09, 2013
Tracked Since Feb 18, 2026