VDB

GSD-2013-5576

GSD-2013-5576 PUBLISHED

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

Affected Products

VendorProductVersions
n/an/an/a

Timeline

  • Aug 15, 2013 PoC Published
  • Oct 9, 2013 CVE Published
  • May 29, 2018 PoC Published
  • Feb 6, 2025 PoC Published
  • Feb 23, 2025 PoC Published
  • Apr 15, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›