
Joomla! 1.6 < 1.6.2 Multiple Vulnerabilities (deprecated)

Medium

Synopsis

The remote web server has an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting Joomla!, a content management system written in PHP.

Versions of Joomla! 1.6 earlier than 1.6.2 are potentially affected by multiple vulnerabilities:

- Multiple inadequate error checking issues could lead to information disclosure. (20110402, 20110403)

- Unescaped values in the administrative modal windows cause potential cross-site scripting vulnerabilities. (20110404)

- Multiple inadequate filtering issues could lead to cross-site scripting attacks. (20110405, 20110406)

- Inadequate permissions checking could allow unauthorised access. (20110407)

- Unescaped values in a query could lead to a SQL injection vulnerability. (20110408)

- Inadequate protection could lead to a clickjacking vulnerability. (20110409)

Solution

Upgrade to Joomla! 1.6.2 or later.