FreeBSD : Joomla! -- multiple vulnerabilities (c0ef061a-c7f0-11e6-ae1b-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The JSST and the Joomla! Security Center report : [20151206] - Core -
Session Hardening The Joomla Security Strike team has been following
up on the critical security vulnerability patched last week. Since the
recent update it has become clear that the root cause is a bug in PHP
itself. This was fixed by PHP in September of 2015 with the releases
of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions
of PHP 7 and has been back-ported in some specific Linux LTS versions
of PHP 5.3). This fixes the bug across all supported PHP versions.
[20151207] - Core - SQL Injection Inadequate filtering of request data
leads to a SQL Injection vulnerability.

See also :

http://www.nessus.org/u?96252f3a
http://www.nessus.org/u?3b562b7b
http://www.nessus.org/u?3b5dd1d2
http://www.nessus.org/u?506d844d

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96061 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now