A moderately critical flaw was found in the JCE component for Joomla!. The vulnerability can be used to attack a user's system. It is caused by improper verification of uploaded files in the editor/extensions/browser/file.php script. An attacker may execute arbitrary PHP code by uploading PHP files with other extensions added. Successful exploitation requires "Author" privileges. The flaw was found in version 2.0.17. Other versions may also be affected. Users should upgrade to 2.0.19.
Source: Secunia
12.12.2011
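
The check that the advisory describes as missing can be sketched as follows. This is an added example, not code from JCE or from the advisory: the function name, both extension lists and the sample file names are assumptions made for illustration. It validates every extension segment of an uploaded file name rather than only the last one.

```php
<?php
// Added example, not JCE code. Both extension lists are assumptions.
const ALLOWED_FINAL = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
const EXECUTABLE = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phar', 'phps'];

/** Returns null when the name is acceptable, otherwise the reason for rejection. */
function uploadNameRejection(string $name): ?string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return 'empty name or NUL byte';
    }
    if (preg_match('#[/\\\\]#', $name)) {
        return 'path separator in name';
    }
    if ($name !== rtrim($name, '. ')) {
        return 'trailing dot or space';
    }
    $segments = explode('.', strtolower($name));
    $base = array_shift($segments);
    if ($base === '' || $segments === []) {
        return 'no base name or no extension';
    }
    // Check every segment after the base name, not only the last one:
    // some server configurations pick a handler from any extension in the name.
    foreach ($segments as $segment) {
        if (in_array($segment, EXECUTABLE, true)) {
            return "executable extension '$segment' in name";
        }
    }
    $final = end($segments);
    if (!in_array($final, ALLOWED_FINAL, true)) {
        return "final extension '$final' not on allow-list";
    }
    return null;
}

// Constructed sample names, for illustration only.
$samples = ['photo.jpg', 'report.v2.pdf', 'shell.php.jpg', 'x.pHp5.png', 'shell.php', 'image.jpg.', '.htaccess'];
foreach ($samples as $sample) {
    $reason = uploadNameRejection($sample);
    printf("%-14s %s\n", $sample, $reason === null ? 'accept' : "reject: $reason");
}
```

A name check of this kind complements the upgrade to 2.0.19 and does not replace it.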