Joomla! is prone to multiple security vulnerabilities including: An SQL-injection issue A path-disclosure vulnerability Multiple cross-site scripting issues Multiple information-disclosure vulnerabilities A URI-redirection vulnerability A security-bypass vulnerability A cross-site request-forgery vulnerability A denial-of-service vulnerability An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, exploit latent vulnerabilities in the underlying database, deny service to legitimate users, redirect a victim to a potentially malicious site, or perform unauthorized actions. Other attacks are also possible. Versions prior to Joomla! 1.6.1 are vulnerable.

The vendor released a patch. Please see the references for more information.

• http://www.joomla.org/
• http://www.joomla.org/announcements/release-news/5350-joomla-161-released.html
• https://www.securityfocus.com/bid/46787

---

Updated on 2015-03-25