Joomla! 'highlight' Parameter PHP Object Injection Vulnerability Network Vulnerability

Summary

Joomla! is prone to a remote PHP object-injection vulnerability because it fails to properly validate user-supplied input. Attackers can exploit this issue to inject arbitrary object in to the application. This may aid in further attacks. The following versions are vulnerable: Joomla! 2.0.0 through versions prior to 2.5.9 Joomla! 3.0.0 through versions prior to 3.0.3

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.joomla.org/
http://www.securityfocus.com/bid/57746

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1453
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

b2Evolution title SQL Injection
Agora CGI Cross Site Scripting
Apache Tomcat Windows Installer Privilege Escalation Vulnerability
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
Apple Safari RSS Feed Information Disclosure Vulnerability

Take action and discover your vulnerabilities