Vulnerability in Joomla! Tinybrowser Plugin

CVE-2011-4908

TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.

EPSS: 0.619 (98.4th percentile) — read the EPSS interpretation.

Affected products

Joomla! Tinybrowser Plugin — versions 1.5.12, fixed in 1.5.13

Public proof-of-concept exploits

rapid7/metasploit-framework

References

[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues (mailing-list, x_refsource_MLIST)
vulmon.com/vulnerabilitydetails (x_refsource_MISC)
9926 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2011-4908?: CVE-2011-4908 is a vulnerability in Joomla! Tinybrowser Plugin. Published 2020-02-12.
Is CVE-2011-4908 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.