Joomla! is prone to a remote PHP object-injection vulnerability because it fails to properly validate user-supplied input. Attackers can exploit this issue to inject arbitrary object in to the application. This may aid in further attacks. The following versions are vulnerable: Joomla! 2.0.0 through versions prior to 2.5.9 Joomla! 3.0.0 through versions prior to 3.0.3

Vendor updates are available. Please see the references for more information.

• http://www.joomla.org/
• http://www.securityfocus.com/bid/57746

---

Updated on 2015-03-25