
Joomla! < 1.5.16 Multiple Vulnerabilities (deprecated)

Medium

Synopsis

The remote web server has an application installed that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting a version of Joomla! earlier than 1.5.16. Such versions are potentially affected by multiple security issues:

- If a user enters a URL with a negative query limit or offset, a PHP notice is displayed that reveals information about the system.

- The migration script in the Joomla! installer does not check the file type being uploaded.

- A user's session ID is not changed when the user logs on.

- When a user requests a password reset, the reset token is stored in plain text in the database.

Solution

Upgrade to Joomla! 1.5.16 or later.
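
For the last issue listed in the description (reset tokens stored in plain text), the following added example, which is not Joomla! code and not part of the original advisory, stores only a SHA-256 hash of the token, compares it in constant time, and makes the token single-use. The table, column and function names are hypothetical, and it assumes PHP 7 or later with the pdo_sqlite extension.

```php
<?php
// Added illustration, not Joomla! code; table, column and function names are hypothetical.
declare(strict_types=1);

// Constructed in-memory database standing in for the application's user store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reset_tokens (
    user_id    INTEGER PRIMARY KEY,
    token_hash TEXT    NOT NULL,
    expires_at INTEGER NOT NULL
)');

// Create a token, persist only its hash, and return the raw value for the reset e-mail.
function issueResetToken(PDO $db, int $userId, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt  = $db->prepare('REPLACE INTO reset_tokens (user_id, token_hash, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([$userId, hash('sha256', $token), time() + $ttl]);
    return $token;
}

// Check a presented token against the stored hash; a token works once and only before expiry.
function redeemResetToken(PDO $db, int $userId, string $token): bool
{
    $stmt = $db->prepare('SELECT token_hash, expires_at FROM reset_tokens WHERE user_id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $expired = (int) $row['expires_at'] < time();
    // hash_equals() compares in constant time, so response timing does not leak hash prefixes.
    $matches = hash_equals($row['token_hash'], hash('sha256', $token));
    if ($expired || $matches) {
        // Remove spent or stale rows so the token cannot be replayed.
        $db->prepare('DELETE FROM reset_tokens WHERE user_id = ?')->execute([$userId]);
    }
    return $matches && !$expired;
}

// Constructed walk-through for a hypothetical user id 42.
$token = issueResetToken($db, 42);
var_dump(redeemResetToken($db, 42, 'not-the-token')); // wrong token
var_dump(redeemResetToken($db, 42, $token));          // correct token, first use
var_dump(redeemResetToken($db, 42, $token));          // same token presented again
```

Because the database holds only the hash, someone who can read the table (for example through a backup or an SQL injection flaw) does not obtain a value that can be submitted to the reset form.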