Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension.
Registered as CVE-2012-2902
Multiple exploits combine the JCE vulnerability with Multipart modifications in order to upload invisible files bypassing the Mod Security and the PHP multipart parsers.
We created a complex solution that interecepts the attempts to exploit this vulnerabilities, recognize them and block.
Pyxsoft users are safe from CVE-2012-2902 even with vulnerable versions of Joomla! installed on server.