What the vulnerability does
01Description
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
What the vulnerability does
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Explanation of Vulnerability in Simple Terms
The RSFiles extension for Joomla contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files to the server over the network. An attacker can exploit this to upload malicious files, potentially gaining control of the site. No user interaction is required. Update to a version newer than 1.17.11.
What an attacker can do
Upload arbitrary files to the server without authentication, potentially executing code or compromising the site.
Potential impact on your site
Attackers can upload malicious files and run code on your Joomla site, leading to full compromise.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities