
Joomla! 1.6 < 1.6.1 Multiple Vulnerabilities (deprecated)

Medium

Synopsis

The remote web server has an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting Joomla!, a content management system written in PHP.

Versions of Joomla! 1.6 earlier than 1.6.1 are potentially affected by multiple vulnerabilities:

- An unspecified SQL injection and path disclosure issue. (20110201)

- An uncaught exception could cause full path disclosure. (20110202)

- Inadequate checking for double URI encoding could lead to cross-site scripting vulnerabilities. (20110203)

- Inadequate filtering exposes cross-site scripting vulnerabilities. (20110204)

- Inadequate access checking leads to information disclosure. (20110301)

- There is inadequate checking of redirect URLs. (20110302)

- Inadequate filtering causes information disclosure. (20110303)

- There is inadequate control of which files can be edited by authenticated users. (20110304)

- Inadequate token checking leads to a cross-site request forgery vulnerability. (20110305)

- Editor caching can cause a denial of service by filling up the disk. (20110306)

- Inadequate filtering exposes cross-site scripting vulnerabilities. (20110307)

- Inadequate token checking leads to a cross-site request forgery vulnerability. (20110308)

Solution

Upgrade to Joomla! 1.6.1 or later.