FreeBSD : joomla -- multiple vulnerabilities (8d10038e-515c-11df-83fb-0015587e2cc1)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Joomla! reported the following vulnerabilities :

If a user entered a URL with a negative query limit or offset, a PHP
notice was displayed that revealed information about the system.

The migration script in the Joomla! installer does not check the file
type being uploaded. If the installation application is present, an
attacker could use it to upload malicious files to a server.

The session ID is not regenerated when a user logs in. A remote site
may be able to forward a visitor to the Joomla! site and set a specific
cookie. If the user then logs in, the remote site can use that cookie
to authenticate as that user.

When a user requested a password reset, the reset token was stored in
plain text in the database. While this is not a vulnerability in
itself, it allows user accounts to be compromised if an extension on
the site has a SQL injection vulnerability.
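The session-fixation and reset-token issues described above, as an added Python example that is not part of this advisory or of Joomla!'s code: a minimal in-memory session store contrasts a login that keeps the pre-login session ID with one that rotates it, and reset tokens are persisted only as hashes. The store, the function names and the planted cookie value are all constructed for illustration.

```python
import hashlib
import secrets


class SessionStore:
    def __init__(self):
        self.sessions = {}  # session id -> session data (constructed stand-in for the real store)

    def touch(self, sid):
        # A session is created under whatever id the cookie carries, so whoever
        # set that cookie also knows the id.
        self.sessions.setdefault(sid, {"user": None})
        return sid

    def login_vulnerable(self, sid, username):
        # Keeps the pre-login id: anyone holding it now shares the authenticated session.
        self.sessions[sid]["user"] = username
        return sid

    def login_hardened(self, sid, username):
        # Rotate to a fresh server-generated id at the privilege change and
        # discard the old one, so a planted id never becomes authenticated.
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = {"user": username}
        self.sessions.pop(sid, None)
        return new_sid

    def user_for(self, sid):
        data = self.sessions.get(sid)
        return data["user"] if data else None


def fixation_scenario(hardened):
    # Replay the advisory's scenario: a cookie set before login is presented again afterwards.
    store = SessionStore()
    planted = "id-chosen-by-remote-site"  # constructed cookie value
    store.touch(planted)
    login = store.login_hardened if hardened else store.login_vulnerable
    current = login(planted, "victim")
    return store.user_for(planted), store.user_for(current)


def issue_reset_token():
    # Hand the raw token to the user; persist only its hash, so a SQL injection
    # that reads the table yields nothing that can complete a reset.
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode()).hexdigest()


def verify_reset_token(presented, stored_hash):
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return secrets.compare_digest(digest, stored_hash)
```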

See also :

http://www.nessus.org/u?4210cdd8
http://www.nessus.org/u?4553eaf3
http://www.nessus.org/u?e31c4775
http://www.nessus.org/u?85d5e95a
http://www.nessus.org/u?c5912550

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 46005 (freebsd_pkg_8d10038e515c11df83fb0015587e2cc1.nasl)

