CVE-2019-25758
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk47th percentile - higher than 47% of all known CVEs
Summary
Joomla! Component vBizz version 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution.
Risk Assessment
This vulnerability poses a serious risk to organizations by allowing attackers to execute remote code on the server, potentially leading to full system compromise.
Recommendation
It is recommended to update the vBizz component to the latest version and implement strict controls on file uploads to minimize the risk of unauthorized access.
Original NVD description (English source)
Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution.

