Joomla! 3.x < 3.4.5 Multiple Vulnerabilities

high Nessus Plugin ID 86655

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Joomla! installation running on the remote web server is 3.x prior to 3.4.5.
It is, therefore, affected by multiple vulnerabilities :

- A SQL injection vulnerability exists in com_contenthistory due to improper sanitization of input to the 'list[select]' parameter. An unauthenticated, remote attacker can exploit this to disclose or manipulate arbitrary data on the back-end database.
(CVE-2015-7297)

- A SQL injection vulnerability exists in the history.php script due to improper sanitization of input to the 'list[select]' parameter. An unauthenticated, remote attacker can exploit this to disclose or manipulate arbitrary data on the back-end database. (CVE-2015-7857)

- A SQL injection vulnerability exists exists due to improper sanitization of unspecified input. An unauthenticated, remote attacker can exploit this to disclose or manipulate arbitrary data on the back-end database. (CVE-2015-7858)

- An unspecified flaw exists in com_contenthistory that is related to unsafe permissions. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2015-7859)

- An unspecified flaw exists in com_content that is related to unsafe permissions. An unauthenticated, remote attacker can exploit this, via a crafted request, to disclose sensitive information. (CVE-2015-7899)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Joomla! version 3.4.5 or later.

See Also

http://www.nessus.org/u?07146f28

Plugin Details

Severity: High

ID: 86655

File Name: joomla_345.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 10/29/2015

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:joomla:joomla%5c%21

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/Joomla!

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/22/2015

Vulnerability Publication Date: 10/22/2015

Exploitable With

Core Impact

Metasploit (Joomla Content History SQLi Remote Code Execution)

Elliot (Joomla Core SQLi list[select])

Reference Information

CVE: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858, CVE-2015-7859, CVE-2015-7899

BID: 77295, 77296, 77297