Joomla! JCE Component Directory Traversal Vulnerability


Description   AmnPardaz Security Research Team has discovered a vulnerability in the JCE component for Joomla!, which can be exploited by malicious users to disclose system information and manipulate certain data.
Certain input is not properly verified before being used to access files. This can be exploited to view and manipulate files and folders outside of the application root by e.g. passing certain input via the "json" parameter to plugins.
Successful exploitation requires permissions in the "Edit" profile.
The vulnerability is confirmed in version 2.0.10. Prior versions may also be affected.
     
Vulnerable Products   Vulnerable Software:
JCE 2.x (component for Joomla!)
     
Solution   Update to version 2.0.11.
     
CVE  
     
References   JCE:
http://www.joomlacontenteditor.net/news/item/jce-2011-released
AmnPardaz Security Research Team:
http://www.bugreport.ir/index_78.htm
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Directory traversal - parameter starting with ../
3.2.0
Directory traversal using ..\..
3.2.0
Directory traversal
3.2.0
Directory traversal backward root folder
3.2.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2011-09-01 

 Target Type 
Server 

 Possible exploit 
Remote