Joomla! JCE arbitrary file upload
Description
JCE (Joomla Content Editor) versions 2.0 (prior to 2.0.11) and 1.5 (prior to 1.5.7.14) contain a path traversal vulnerability that allows authenticated users with content editing privileges to bypass directory restrictions. Users who have access to any of the following plugins—Image Manager, Image Manager Extended, File Manager, Media Manager, or Template Manager—can view and manipulate files outside their designated plugin folders. This vulnerability enables arbitrary file upload and modification in unauthorized locations on the server.
Remediation
Immediately upgrade JCE to a patched version to remediate this vulnerability:
1. For JCE 2.0 installations: Upgrade to version 2.0.11 or later
2. For JCE 1.5 installations: Upgrade to version 1.5.7.14 or later
Additional security measures:
• After upgrading, review server logs for suspicious file upload activity or unauthorized file access attempts
• Audit all files in the web root directory for unexpected PHP files or web shells
• Review user permissions to ensure content editors have only the minimum necessary access to JCE plugins
• Consider implementing file upload restrictions at the web server level to prevent PHP execution in upload directories