Unauthorized Uploads Vulnerability in Joomla! 2.5.13 and Earlier Versions
Joomla!® is a content management system with more than 200,000 users and contributors.
Affected Application: Joomla! 2.5.13 and earlier 2.5.x versions.
Issue: On 06/25/13, an unauthorized uploads vulnerability was reported for multiple versions of Joomla! Inadequate filtering lets attackers bypass file type upload restrictions. For example, if someone attempts to upload a .php file, Joomla! should display an error message: "This file type is not supported." Because of this vulnerability, a hacker could upload malicious_file.php to your Joomla! website.
For more information, visit Joomla's security page.