Unrated severityNVD Advisory· Published Aug 31, 2012· Updated Apr 29, 2026

CVE-2011-5148

Description

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.

Affected products

Wasen/Mod Simplefileupload3 versions
cpe:2.3:a:wasen:mod_simplefileupload:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:wasen:mod_simplefileupload:*:*:*:*:*:*:*:*range: <=1.3
- cpe:2.3:a:wasen:mod_simplefileupload:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:wasen:mod_simplefileupload:1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/47370nvdVendor Advisory
docs.joomla.org/Vulnerable_Extensions_Listnvd
wasen.net/index.phpnvd
www.exploit-db.com/exploits/18287nvd
www.osvdb.org/78122nvd
www.securityfocus.com/bid/51214nvd
www.securityfocus.com/bid/51234nvd
exchange.xforce.ibmcloud.com/vulnerabilities/72023nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.017
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000