CVE-2007-4781 Information

Description

administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1 Beta2 and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the \Upload Package File\ functionality which is accessible when com_installer is the value of the option parameter.

Reference

http://osvdb.org/45888 http://www.securityfocus.com/bid/25508 https://exchange.xforce.ibmcloud.com/vulnerabilities/36424 https://www.exploit-db.com/exploits/4350