Affected Versions:
JomSocial <1.8.9

Vulnerability description:
Joomla! is an open source content management system (CMS).
A design vulnerability exists in the implementation of Joomla!'s JomSocial component. Remote attackers may exploit this vulnerability to upload arbitrary files to the web directory, resulting in arbitrary command execution on the server.
The software does not properly restrict file uploads. Attackers can execute arbitrary commands by uploading PHP code files. Exploitation requires that the system has direct video upload enabled and allows directory listing.
<* Reference
http://jeffchannell.com/Joomla/jomsocial-188-shell-upload-vulnerability.html
*>
Vendor patch:
JomSocial
---------
The vendor has fixed this security issue in version 1.8.9 and later. Please download it from the vendor's homepage:
http://www.jomsocial.com/
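
Because the flaw places PHP code files in a web-served upload directory, a site that ran a version before 1.8.9 with direct video upload enabled can be audited for such files. The script below is an added example, not part of the advisory or of JomSocial. The extension list is an assumption, and the directory to scan is supplied by the administrator.

```python
import os
import sys

# Extensions a PHP-enabled web server may pass to the interpreter.
# Assumed list; adjust it to the handler mappings of the server being audited.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
PHP_TAGS = (b"<?php", b"<?=")


def classify(path):
    """Return a reason string if the file looks like uploaded code, else None."""
    name = os.path.basename(path).lower()
    # Check every dot-separated part, so clip.php.flv is caught as well as shell.php.
    exts = {"." + part for part in name.split(".")[1:]}
    if exts & SCRIPT_EXTS:
        return "script extension in file name"
    # A file with a video extension can still carry PHP code near its start.
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if any(tag in head for tag in PHP_TAGS):
        return "PHP open tag in file content"
    return None


def find_suspect_uploads(root):
    """Walk an upload directory and return sorted (relative path, reason) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            reason = classify(full)
            if reason:
                hits.append((os.path.relpath(full, root), reason))
    return sorted(hits)


if __name__ == "__main__" and len(sys.argv) == 2:
    for rel, why in find_suspect_uploads(sys.argv[1]):
        print(f"{rel}: {why}")
```

Run it with the site's video upload directory as the only argument. Any hit should be reviewed and, if it is not a legitimate file, treated as a sign of compromise.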