Joomla! JomSocial remote code execution
Description
JomSocial is a social networking component for the Joomla! content management system. Versions prior to 3.1.0.1 contain a critical remote code execution vulnerability in the photos controller's ajaxUploadAvatar task. The Azrul plugin fails to properly validate user-supplied parameters before passing them to PHP's call_user_func_array function, allowing unauthenticated attackers to invoke arbitrary static class methods with attacker-controlled parameters. This can be exploited by calling CStringHelper::escape() to achieve arbitrary PHP code execution on the server.
Remediation
Take the following steps to remediate this vulnerability:
1. Immediately upgrade JomSocial to version 3.1.0.1 or later through the Joomla! extension manager or by downloading the latest version from the official JomSocial website.
2. Review server logs for suspicious activity targeting the photos controller, particularly requests to the ajaxUploadAvatar task with unusual parameters.
3. Audit the web server for unauthorized files, backdoors, or web shells that may have been uploaded if the system was compromised.
4. If upgrading is not immediately possible, temporarily disable the JomSocial component or restrict access to the photos controller until the patch can be applied.
5. Implement web application firewall (WAF) rules to block requests containing suspicious patterns in the Azrul plugin parameters as a defense-in-depth measure.
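The log review in step 2 and the pattern matching in step 5 both come down to the same check: find requests to the JomSocial photos controller's ajaxUploadAvatar task and flag any whose parameters carry a class-method reference (the `::` separator, or the CStringHelper name the advisory cites) that no legitimate avatar upload would send. The script below is an added example written for this page, not code from JomSocial or the advisory's authors. It assumes Apache combined-format access logs and a Joomla URL layout of index.php?option=com_community&view=photos&task=ajaxUploadAvatar; the sample log lines, the IP addresses and the `arg` parameter name are all constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); not real traffic.
# The parameter name "arg" is a placeholder, not a documented JomSocial parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2014:10:01:02 +0000] "GET /index.php?option=com_community&view=frontpage HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2014:10:01:09 +0000] "POST /index.php?option=com_community&view=photos&task=ajaxUploadAvatar HTTP/1.1" 200 310 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2014:10:02:44 +0000] "POST /index.php?option=com_community&view=photos&task=ajaxUploadAvatar&arg=CStringHelper%3A%3Aescape HTTP/1.1" 200 0 "-" "python-requests/2.2"
203.0.113.5 - - [10/Jan/2014:10:03:01 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
"""

# Apache combined format: client IP, identd, user, [timestamp], "METHOD target proto", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Values no avatar upload should carry: a static-method separator or the helper class
# the advisory names. Extend this list from your own WAF/IDS findings.
SUSPICIOUS_VALUE_RE = re.compile(r'(::|CStringHelper|call_user_func)', re.IGNORECASE)


def parse_line(line):
    """Return a dict with ip, ts, method, target, status and decoded query params, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    query = urlsplit(rec["target"]).query
    # parse_qs percent-decodes values, so %3A%3A becomes "::" before we inspect it
    rec["params"] = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    return rec


def classify(rec):
    """None if not an ajaxUploadAvatar request; otherwise (level, suspicious_param_names)."""
    p = rec["params"]
    if p.get("option") != "com_community" or p.get("task") != "ajaxUploadAvatar":
        return None
    suspicious = [k for k, v in p.items() if SUSPICIOUS_VALUE_RE.search(v)]
    # Every hit on the vulnerable task deserves a look ("review"); a class-method
    # reference in a parameter is a strong indicator of exploitation ("high").
    return ("high" if suspicious else "review", suspicious)


def scan(log_text):
    """Scan raw log text and return a list of findings in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        result = classify(rec)
        if result is None:
            continue
        level, keys = result
        findings.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                         "level": level, "suspicious_params": keys})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

One caveat that matters for this vulnerability: the Azrul endpoint is called with POST, and a standard access log records only the request line, not the body. The script therefore catches parameters in the query string and tells you which clients hit the task at all; to inspect body parameters you need a WAF or mod_security audit log that retains request bodies, which is also where the step 5 rule would sit.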