Joomla! 1.0.12 Multiple Security Vulnerabilities
Info
| Bugtraq ID: | 25122 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 21 2007 12:00AM |
| Updated: | Jul 30 2007 11:25PM |
| Credit: | These issues were disclosed by the vendor. |
| Vulnerable: | Joomla Joomla 1.0.12, Joomla Joomla 1.0.11, Joomla Joomla 1.0.10, Joomla Joomla 1.0.1, Joomla Joomla 1.0 |
| Not Vulnerable: | Joomla Joomla 1.0.13 |
Discussion
Joomla! is prone to multiple security vulnerabilities, including cross-site scripting, HTTP-response-splitting, and session-fixation issues. These issues occur because of design and configuration weaknesses and because the application fails to properly sanitize user-supplied input in several cases.
A successful exploit of these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, inject arbitrary hostile code, or potentially hijack another user's session. Presumably, some of these issues may facilitate remote execution of arbitrary script code in a victim's browser. Other attacks are also possible.
All versions prior to Joomla! 1.0.13 are vulnerable. Updates are available.
Exploit / POC
To exploit most of these issues, an attacker can use a browser. Exploit code is not required.
Solution / Fix
Solution:
The vendor has released Joomla! 1.0.13 to address these issues; please see the references for details and vendor advisories.
Joomla Joomla 1.0.12
- Joomla Joomla! Version 1.0.13
  http://joomlacode.org/gf/download/frsrelease/4508/13215/Joomla_1.0.13-Stable-Full_Package.tar.bz2
References
References:
- Joomla! Homepage (Joomla!)
- Joomla! 1.0.13 Released (Joomla!)