Detections
Analytics

Joomla! < 1.5.20 Multiple Vulnerabilities (deprecated)

medium Nessus Network Monitor Plugin ID 5604

Synopsis

The remote web server has an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting Joomla!, a content management system written in PHP.

Versions of Joomla earlier than 1.5.20 are potentially affected by multiple vulnerabilities :

 - A back-end user can inject SQL code which will lead to a MySQL error which shows internal path information. (Bug 20100701)

 - Multiple cross-site scripting vulnerabilities in various administrative screens. (Bug 20100702, Bug 201000703, Bug 20100704)

Solution

Upgrade to Joomla! 1.5.20 or later.

See Also

http://developer.joomla.org/security/news/315-20100701-core-sql-injection-internal-path-exposure.html

http://developer.joomla.org/security/news/316-20100702-core-xss-vulnerabillitis-in-back-end.html

http://developer.joomla.org/security/news/317-20100703-core-xss-vulnerabillitis-in-back-end.html

http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabillitis-in-back-end.html

Plugin Details

Severity: Medium

ID: 5604

Family: CGI

Published: 7/19/2010

Updated: 6/1/2015

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Patch Publication Date: 7/15/2010

Vulnerability Publication Date: 7/16/2010

Reference Information

BID: 41743, 41822