The remote web server has an application installed that is vulnerable to multiple attack vectors.
The remote web server is hosting a version of Joomla! earlier than 1.5.16. Such versions are potentially affected by multiple security issues : - If a user enters a URL with a negative query limit or offset, a PHP notice displays revealing information about the system. - The migration script in the Joomla! installer does not check the file type being uploaded. - A user's session ID doesn't get modified when the user logs on. - When a user requests a password reset, the reset token is stored in plain text in the database.