Joomla! < 1.5.16 Multiple Vulnerabilities (deprecated)

medium Nessus Network Monitor Plugin ID 5518

Synopsis

The remote web server has an application installed that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting a version of Joomla! earlier than 1.5.16. Such versions are potentially affected by multiple security issues:

- If a user enters a URL with a negative query limit or offset, a PHP notice is displayed that reveals information about the system.

- The migration script in the Joomla! installer does not check the file type being uploaded.

- A user's session ID is not changed when the user logs on.

- When a user requests a password reset, the reset token is stored in plain text in the database.

Solution

Upgrade to Joomla! 1.5.16 or later.

See Also

http://developer.joomla.org/security/news/311-20100423-core-negative-values-for-limit-and-offset.html

http://developer.joomla.org/security/news/310-20100423-core-installer-migration-script.html

http://developer.joomla.org/security/news/309-20100423-core-sessation-fixation.html

http://developer.joomla.org/security/news/308-20100423-core-password-reset-tokens.html

Plugin Details

Severity: Medium

ID: 5518

Family: CGI

Published: 4/27/2010

Updated: 6/1/2015

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Patch Publication Date: 4/23/2010

Vulnerability Publication Date: 4/23/2010

Reference Information

BID: 39708