What the vulnerability does
01Description
User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
What the vulnerability does
User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.
Explanation of Vulnerability in Simple Terms
The EasyDiscuss extension for Joomla contains an unrestricted file upload vulnerability. An authenticated user with low privileges can upload files by interacting with the application, potentially allowing them to store malicious files on the server. The impact is limited to the affected component and does not extend to the broader system.
What an attacker can do
Upload files to the server without proper validation or restrictions.
Potential impact on your site
Malicious files could be stored on your server, potentially leading to further compromise if executed or accessed.
Conditions required to exploit
Attacker must have a low-privilege Joomla user account and interact with the vulnerable upload feature.
Key dates
External resources
Related vulnerabilities