CVE-2013-5576

N/A Unknown
Published: October 09, 2013 Modified: April 29, 2026
View on NVD

Description

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
Source: cve@mitre.org
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626
Source: cve@mitre.org
http://seclists.org/oss-sec/2013/q3/484
Source: cve@mitre.org
http://seclists.org/oss-sec/2013/q3/486
Source: cve@mitre.org
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites/
Source: cve@mitre.org
http://www.exploit-db.com/exploits/27610
Source: cve@mitre.org
Exploit
http://www.kb.cert.org/vuls/id/639620
Source: cve@mitre.org
US Government Resource
https://github.com/joomla/joomla-cms/commit/1ed07e257a2c0794ba19e864f7c5101e7e8c41d2
Source: cve@mitre.org
https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8
Source: cve@mitre.org
Exploit Patch
http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626
Source: af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/oss-sec/2013/q3/484
Source: af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/oss-sec/2013/q3/486
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites/
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.exploit-db.com/exploits/27610
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.kb.cert.org/vuls/id/639620
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://github.com/joomla/joomla-cms/commit/1ed07e257a2c0794ba19e864f7c5101e7e8c41d2
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch

18 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
52.1%
98th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-20

Affected Vendors

joomla

Related CVEs

CVE-2026-8108 7.8
CVE-2026-5371 7.1
CVE-2026-44548 8.1
CVE-2026-44547 9.6
CVE-2026-44352 N/A