[20170407] – Core – ACL Violations

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: ACL Violation
  • Reported Date: 2017-March-01
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7989

Description

Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Abdullah Hussam

Leave a Comment