{"id":"CVE-2017-7989","details":"In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.","modified":"2026-04-10T04:02:08.897974Z","published":"2017-04-25T18:59:00.463Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98029"},{"type":"FIX","url":"https://developer.joomla.org/security-centre/689-20170407-core-acl-violations"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/joomla/joomla-cms","events":[{"introduced":"0"},{"last_affected":"acb7a6384561a8d5917fa9854c85f52cddec9550"},{"introduced":"0"},{"last_affected":"dd0228ad970a9a06d12cfd4b92f1ff943c13c792"},{"introduced":"0"},{"last_affected":"07d6712836c4520963e78b9fda14b14d13ff000c"},{"introduced":"0"},{"last_affected":"e912c5abec3650896cbf0ea4c68ec3ca79b84826"},{"introduced":"0"},{"last_affected":"1a0b7a0bddf7572a38bfc4b17092ca83170c77fd"},{"introduced":"0"},{"last_affected":"11b927eb40b6646733ead7a9e3cd5f2e68a289b8"},{"introduced":"0"},{"last_affected":"e267106d8a7d164ef123c351e24e0dff14b1c2b9"},{"introduced":"0"},{"last_affected":"b6f66c99da6757381c2aa2b276bc259ad7b40f0b"},{"introduced":"0"},{"last_affected":"8a908a506fab9b5b58cf6672ade219f73586e635"},{"introduced":"0"},{"last_affected":"7d105613d7a81cd43fc8ed401767935ab7467cff"},{"introduced":"0"},{"last_affected":"8665974033e66f38c69bb86baba9e456dffdb6c2"},{"introduced":"0"},{"last_affected":"390dfb708b0b92a79b90ba92c80b97986ac9f1f9"},{"introduced":"0"},{"last_affected":"9a32ab9f8a262de6a360fa40205998c6d2d8a452"},{"introduced":"0"},{"last_affected":"fba560de0f9f662af3f342d401c76c47097a06be"},{"introduced":"0"},{"last_affected":"5f4a028207efcfacf4549f97b17a47fc14454c2c"},{"introduced":"0"},{"last_affected":"73cf6502a625e3bf3d628d25311be9939a09db3c"},{"introduced":"0"},{"last_affected":"b855f8885dec93ad439136f00b07a7ebf49af52b"},{"introduced":"0"},{"last_affected":"5fa0b451ae3a31dfa98ba2bad7559b71c2b8d82a"},{"introduced":"0"},{"last_affected":"1f1ee36f77c45eb5eef0646373c249621c1e295f"},{"introduced":"0"},{"last_affected":"925c3fa5d512b9aff8c5b470804d282fb1b70afb"},{"introduced":"0"},{"last_affected":"6a99b5dba1da503cad0e7a723ec2f22dfaa30858"},{"introduced":"0"},{"last_affected":"dca641f67e8e341bf0ef74f775a5e81ad3ccf384"},{"introduced":"0"},{"last_affected":"995db72ff4eaa544e38b4da3630b7a1ac0146264"},{"introduced":"0"},{"last_affected":"2cd4ef682f0cab6ff03200b79007a25f19c6690e"},{"introduced":"0"},{"last_affected":"e33857bbe74ea8e062613902869415bfd4afcb2b"},{"introduced":"0"},{"last_affected":"3b9b82b528cde642985258109e8f30c311351f94"},{"introduced":"0"},{"last_affected":"74cccf0179148478b64d76588f16b306697639cd"},{"introduced":"0"},{"last_affected":"5e75cffd7e7e4939c4e32096bb27a2029b805df5"},{"introduced":"0"},{"last_affected":"c8cc782f1c387679736c56e9e88d7530b1107805"},{"introduced":"0"},{"last_affected":"c508e4f2110ab231a54eb979c26676b0d6793ab5"},{"introduced":"0"},{"last_affected":"8fbc4fb3a2fad44c8c82152a82084d826e3df606"},{"introduced":"0"},{"last_affected":"b023acca2aa0282b3bbcfebf02194bf60aa08ffc"},{"introduced":"0"},{"last_affected":"296627526281a1ea08b8df8f6b6c684ad78840fe"},{"introduced":"0"},{"last_affected":"d9264d8e5179b6a4b938e201b1f35ea8f13159f1"},{"introduced":"0"},{"last_affected":"ca6cb8e34f611588115b31ce96d13928e0f68e8f"},{"introduced":"0"},{"last_affected":"5c526f99c6558d94c0f26d5b90f6e6261a7386a2"},{"introduced":"0"},{"last_affected":"bdaeb18559672885f4c80487cec21473b62fe43b"},{"introduced":"0"},{"last_affected":"5d47df460150140633e48c18336597ae5955bb90"},{"introduced":"0"},{"last_affected":"1e7f9cccbe1a7fba6f80549b953a3f02ad10791f"},{"introduced":"0"},{"last_affected":"797a820228cb0b30248466eb26b886dc694dfd4d"},{"introduced":"0"},{"last_affected":"877b3e1b02644779d5451ed374a6778bd34f42bc"},{"introduced":"0"},{"last_affected":"3c1c8dfb2712d5ac9a72a518c4e2c3ee0a0f6f80"},{"introduced":"0"},{"last_affected":"08d6e492682518d33cb779e1c86db8a100a09a6d"},{"introduced":"0"},{"last_affected":"bb1010ae038f6cbaf4aa78760b394bb13b6339ad"},{"introduced":"0"},{"last_affected":"fd72a9fb0ee8f54513ca436c27da7c4d8fb8feed"},{"introduced":"0"},{"last_affected":"ece8118d1db3b729ea051a1ce90d3e28473086e1"},{"introduced":"0"},{"last_affected":"2a193a73e059a3dee457e2307a27eb7534177ed9"},{"introduced":"0"},{"last_affected":"5fe8dfd144649257ea9a7c3ac3d72dba3ff34250"},{"introduced":"0"},{"last_affected":"2e0aaf4d8144ec083aead8703b6e1ab2b978ad75"},{"introduced":"0"},{"last_affected":"f2a087a10ae7b799e469d8296063c946a60131d3"},{"introduced":"0"},{"last_affected":"d70a0fe1521e9ee4130ae523e290449b8e549658"},{"introduced":"0"},{"last_affected":"0bafd9f7cd1e90856c3d855f38a295f5e96dc1e4"},{"introduced":"0"},{"last_affected":"2983d196840a7da2abf62c00ac2f3ee4864179b4"},{"introduced":"0"},{"last_affected":"6a169d998767373c4e0d21ef37ad04d55d67998d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.2.0"},{"introduced":"0"},{"last_affected":"3.2.1"},{"introduced":"0"},{"last_affected":"3.2.2"},{"introduced":"0"},{"last_affected":"3.2.3"},{"introduced":"0"},{"last_affected":"3.2.4"},{"introduced":"0"},{"last_affected":"3.3.0"},{"introduced":"0"},{"last_affected":"3.3.1"},{"introduced":"0"},{"last_affected":"3.3.2"},{"introduced":"0"},{"last_affected":"3.3.3"},{"introduced":"0"},{"last_affected":"3.3.4"},{"introduced":"0"},{"last_affected":"3.3.5"},{"introduced":"0"},{"last_affected":"3.4.0"},{"introduced":"0"},{"last_affected":"3.4.0-alpha"},{"introduced":"0"},{"last_affected":"3.4.0-beta1"},{"introduced":"0"},{"last_affected":"3.4.0-beta2"},{"introduced":"0"},{"last_affected":"3.4.0-beta3"},{"introduced":"0"},{"last_affected":"3.4.1"},{"introduced":"0"},{"last_affected":"3.4.1-rc2"},{"introduced":"0"},{"last_affected":"3.4.2"},{"introduced":"0"},{"last_affected":"3.4.3"},{"introduced":"0"},{"last_affected":"3.4.4"},{"introduced":"0"},{"last_affected":"3.4.5"},{"introduced":"0"},{"last_affected":"3.4.6"},{"introduced":"0"},{"last_affected":"3.4.7"},{"introduced":"0"},{"last_affected":"3.4.8"},{"introduced":"0"},{"last_affected":"3.4.8-rc"},{"introduced":"0"},{"last_affected":"3.5.0"},{"introduced":"0"},{"last_affected":"3.5.0-beta"},{"introduced":"0"},{"last_affected":"3.5.0-beta2"},{"introduced":"0"},{"last_affected":"3.5.0-beta3"},{"introduced":"0"},{"last_affected":"3.5.0-beta4"},{"introduced":"0"},{"last_affected":"3.5.0-beta5"},{"introduced":"0"},{"last_affected":"3.5.0-rc"},{"introduced":"0"},{"last_affected":"3.5.0-rc2"},{"introduced":"0"},{"last_affected":"3.5.0-rc3"},{"introduced":"0"},{"last_affected":"3.5.0-rc4"},{"introduced":"0"},{"last_affected":"3.5.1"},{"introduced":"0"},{"last_affected":"3.5.1-rc"},{"introduced":"0"},{"last_affected":"3.6.0"},{"introduced":"0"},{"last_affected":"3.6.0-alpha"},{"introduced":"0"},{"last_affected":"3.6.0-beta1"},{"introduced":"0"},{"last_affected":"3.6.0-beta2"},{"introduced":"0"},{"last_affected":"3.6.0-rc"},{"introduced":"0"},{"last_affected":"3.6.0-rc2"},{"introduced":"0"},{"last_affected":"3.6.1"},{"introduced":"0"},{"last_affected":"3.6.1-rc1"},{"introduced":"0"},{"last_affected":"3.6.1-rc2"},{"introduced":"0"},{"last_affected":"3.6.2"},{"introduced":"0"},{"last_affected":"3.6.3"},{"introduced":"0"},{"last_affected":"3.6.3-rc1"},{"introduced":"0"},{"last_affected":"3.6.3-rc2"},{"introduced":"0"},{"last_affected":"3.6.3-rc3"},{"introduced":"0"},{"last_affected":"3.6.4"},{"introduced":"0"},{"last_affected":"3.6.5"}]}}],"versions":["1.7.3","2.5.0","2.5.0_beta1","2.5.0_beta2","2.5.1","2.5.4","2.5.5","2.5.6","3","3.0.0","3.0.0_alpha-1","3.0.0_alpha-2","3.0.0_beta1","3.0.1","3.0.3","3.1.0_beta1","3.1.0_beta2","3.1.0_beta3","3.1.0_beta4","3.1.0_beta5","3.1.1","3.1.5","3.2.0","3.2.0.alpha","3.2.0.beta","3.2.0.rc","3.2.1","3.2.2","3.2.3","3.2.4","3.3.0","3.3.1","3.3.2","3.3.3","3.3.4","3.3.5","3.4.0","3.4.0-alpha","3.4.0-beta1","3.4.0-beta2","3.4.0-beta3","3.4.0-rc","3.4.1","3.4.1-rc","3.4.1-rc2","3.4.2","3.4.2-rc","3.4.3","3.4.4","3.4.4-rc","3.4.4-rc2","3.4.5","3.4.6","3.4.7","3.4.8","3.4.8-rc","3.5.0","3.5.0-beta","3.5.0-beta2","3.5.0-beta3","3.5.0-beta4","3.5.0-beta5","3.5.0-rc","3.5.0-rc2","3.5.0-rc3","3.5.0-rc4","3.5.1","3.5.1-rc","3.5.1-rc2","3.6.0","3.6.0-alpha","3.6.0-beta1","3.6.0-beta2","3.6.0-rc","3.6.0-rc2","3.6.1","3.6.1-rc1","3.6.1-rc2","3.6.2","3.6.3","3.6.3-rc1","3.6.3-rc2","3.6.3-rc3","3.6.4","3.6.5"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.4.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.1-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.2-rc1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7989.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}