Joomla! < 1.5.16 Multiple Vulnerabilities (deprecated)

Medium Nessus Network Monitor Plugin ID 5518

Synopsis

The remote web server has an application installed that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting a version of Joomla! earlier than 1.5.16. Such versions are potentially affected by multiple security issues:

- If a user enters a URL with a negative query limit or offset, a PHP notice is displayed that reveals information about the system.

- The migration script in the Joomla! installer does not check the type of the file being uploaded.

- A user's session ID is not changed when the user logs on (session fixation).

- When a user requests a password reset, the reset token is stored in plain text in the database.

Solution

Upgrade to Joomla! 1.5.16 or later.

See Also

http://developer.joomla.org/security/news/311-20100423-core-negative-values-for-limit-and-offset.html

http://developer.joomla.org/security/news/310-20100423-core-installer-migration-script.html

http://developer.joomla.org/security/news/309-20100423-core-sessation-fixation.html

http://developer.joomla.org/security/news/308-20100423-core-password-reset-tokens.html

Plugin Details

Severity: Medium

ID: 5518

File Name: 5518.prm

Family: CGI

Published: 2010/04/27

Modified: 2015/06/01

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2010/04/23

Vulnerability Publication Date: 2010/04/23

Reference Information

BID: 39708