Summary
Joomla! is prone to a remote PHP object-injection vulnerability because it fails to properly validate user-supplied input.
Attackers can exploit this issue to inject arbitrary objects into the application. This may aid in further attacks.
The following versions are vulnerable:
Joomla! 2.0.0 through versions prior to 2.5.9
Joomla! 3.0.0 through versions prior to 3.0.3
Solution
Vendor updates are available. Please see the references for more information.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2013-1453
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P