Joomla! ® Vulnerable Extensions List

Attachments, jmcameron, LFI - Extension Update Details

Security Release 3.1.1 implements new checks to prevent uploading PHP files renamed as image files (or any corrupt image files). It also prevents uploading 'double extension' files such as 'file.php.xyz', which may be evaluated as PHP on Apache systems.

Update notice URL: http://jmcameron.net/attachments/updates/3.1.1/

 

  • Event Manager, 2.1.4 and below, multiple vulnerabilities

    SQLi and Unrestricted File Upload. Fixed in version 2.1.4.2. Notice: http://www.joomlaeventmanager.net/project/changelog-jem-2
  • AP Portfolio [mod_ap_portfolio], 3.3 and below, XSS (Cross Site Scripting)

  • J2Store by Weblogicx India, 3.1.6 and below, SQL Injections

    Update: vulnerabilities fixed in version 3.1.7. Announcement: http://j2store.org/j2store-v3.html
  • Helpdesk Pro by Ossolution Team [com_helpdeskpro], before 1.4.0, multiple vulns

    Vulnerabilities: Direct Object References, Cross-Site Scripting, SQL Injection, Local file
  • AdsManager by Joomprod [com_adsmanager], 3.1.0 and below, arbitrary file upload
