
Remote Code Execution Vulnerabilities in Joomla

 

Systems Affected


Joomla! CMS versions 1.5.0 through 3.4.5
Joomla! Framework Session package versions 1.0.0 through 1.3.0

Threat Level


High


Overview


Two vulnerabilities have been reported in Joomla! which could be exploited by a remote attacker to obtain data from a targeted system's user sessions and disclose sensitive information.


Description


These vulnerabilities exist in Joomla! due to the improper sanitization of browser information while saving the session details into the database.

Successful exploitation of this vulnerability could allow a remote attacker to execute code on the targeted system.


Impact



Solution/Workarounds


Upgrade to the latest version of Joomla! CMS, 3.4.6, and to Joomla! Framework Session package version 1.3.1.

https://www.joomla.org/download.html


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.