CVE Catalog

CVE-2019-25758

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.67%

47th percentile - higher than 47% of all known CVEs

Summary

Joomla! Component vBizz version 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution.

Risk Assessment

This vulnerability poses a serious risk to organizations by allowing attackers to execute remote code on the server, potentially leading to full system compromise.

Recommendation

It is recommended to update the vBizz component to the latest version and implement strict controls on file uploads to minimize the risk of unauthorized access.

Original NVD description (English source)

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS