CVE-2013-5576

EXPLOITED IN THE WILD

Joomla! <2.5.14, <3.1.5 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2013-5576 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including Metasploit, Jens Hinrichsen, juan vazquez, including a Metasploit module exploits/unix/webapp/joomla_media_upload_exec.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in Joomla's Media Manager component (CVE-2013-5576), allowing unauthenticated or authenticated (Editor role or higher) attackers to upload and execute malicious PHP files, leading to remote code execution.

Description

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotephp
https://www.exploit-db.com/exploits/27610

This Metasploit module exploits an arbitrary file upload vulnerability in Joomla's Media Manager component (CVE-2013-5576), allowing unauthenticated or authenticated (Editor role or higher) attackers to upload and execute malicious PHP files, leading to remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Joomla 2.5.x up to 2.5.13 and 3.x up to 3.1.4
No auth needed
Prerequisites: Access to the Media Manager component (public or authenticated) · Valid credentials if authentication is required
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Jens Hinrichsen, juan vazquez · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/joomla_media_upload_exec.rb

This Metasploit module exploits a file upload vulnerability in Joomla's Media Manager component (CVE-2013-5576), allowing arbitrary PHP file upload and remote code execution. It supports both authenticated and unauthenticated exploitation depending on the target configuration.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Joomla 2.5.x up to 2.5.13 and 3.x up to 3.1.4
No auth needed
Prerequisites: Network access to Joomla Media Manager · Valid credentials if authentication is required
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/27610
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/639620
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/486
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/484

Scores

EPSS 0.5212
EPSS Percentile 98.0%

Details

VulnCheck KEV 2013-10-09
InTheWild.io 2013-12-01
CWE
CWE-20
Status published
Products (24)
joomla/joomla\! 2.5.0
joomla/joomla\! 2.5.1
joomla/joomla\! 2.5.2
joomla/joomla\! 2.5.3
joomla/joomla\! 2.5.4
joomla/joomla\! 2.5.5
joomla/joomla\! 2.5.6
joomla/joomla\! 2.5.7
joomla/joomla\! 2.5.8
joomla/joomla\! 2.5.9
... and 14 more
Published Oct 09, 2013
Tracked Since Feb 18, 2026