Joomla! 'com_user' Component Token Input Validation Vulnerability

Bugtraq ID:	30667
Class:	Input Validation Error
CVE:	CVE-2008-3681
Remote:	Yes
Local:	No
Published:	Aug 12 2008 12:00AM
Updated:	May 07 2015 05:25PM
Credit:	d3mon <[email protected]>
Vulnerable:	Joomla Joomla 1.5.5 Joomla Joomla 1.5.4 Joomla Joomla 1.5.3 Joomla Joomla 1.5.2 Joomla Joomla 1.5.1 Joomla Joomla 1.5 Joomla Joomla 1.5.0 Beta Joomla Joomla 1.5 RC3 Joomla Joomla 1.5 RC2 Joomla Joomla 1.5 RC1 Joomla Joomla 1.5 Beta 2
Not Vulnerable:	Joomla Joomla 1.5.6

Joomla! 'com_user' Component Token Input Validation Vulnerability

The 'com_user' component for Joomla! is prone to an input-validation vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to obtain administrative privileges and compromise the application.

This issue affects Joomla! 1.5.5; other versions may also be affected. Mambo may also be affected.

NOTE: This BID was previously titled 'Joomla! 'com_user' Component SQL Injection Vulnerability'. The title was updated to better reflect the issue.

Joomla! 'com_user' Component Token Input Validation Vulnerability

Attackers can use a browser to exploit this issue.

Joomla! 'com_user' Component Token Input Validation Vulnerability

Solution:
The vendor has released Joomla 1.5.6 to address this issue. Please see the references for more information.


Joomla Joomla 1.5.0 Beta

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5 RC3

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5 RC1

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5 Beta 2

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5 RC2

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5.1

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5.2

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5.3

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5.4

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla Joomla 1.5.5

• Joomla Joomla_1.5.6-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-S table-Full_Package.zip

Joomla! 'com_user' Component Token Input Validation Vulnerability

References:

• [20080801] - Core - Password Remind Functionality (Joomla)
  
• Joomla! 1.5.6 Released (Joomla)