Joomla! JCE Component Multiple Directory Traversal Vulnerabilities

The JCE component for Joomla! is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to view directories or upload, rename, and delete arbitrary files within the context of the application. This may aid in further attacks.

JCE component 2.0.10 is vulnerable; other products may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus