Description

Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla!, a popular open-source Content Management System (CMS). Combining that vulnerability with other security weaknesses, our Trustwave SpiderLabs researchers are able to gain full administrative access to any vulnerable Joomla site.

Remediation

Upgrade to Joomla! version 3.4.5.

References

Joomla SQL Injection Vulnerability

Joomla! 3.4.5 Released

[20151001] - Core - SQL Injection

Related Vulnerabilities

WordPress Plugin Viral Quiz Maker-OnionBuzz SQL Injection (1.2.6)

WordPress Plugin Photoracer Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.0)

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups SQL Injection (2.6.7.6)

WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (5.8.1)

WordPress Plugin WP Booking System Multiple Vulnerabilities (1.5.1)

Severity

High

Classification

CVE-2015-7297 CVE-2015-7857 CVE-2015-7858 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection