Description

Joomla! Core is prone to multiple vulnerabilities, including SQL injection and information disclosure vulnerabilities. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.12 are vulnerable.

Remediation

Update to Joomla! Core latest version

References

http://www.securityfocus.com/archive/1/archive/1/480738/100/0/threaded

https://packetstormsecurity.com/0707-exploits/joomla-sql.txt

Related Vulnerabilities

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-0270)

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce Multiple Vulnerabilities (1.1.9)

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.2.4)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.17)

WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup Arbitrary SQL Query Execution Vulnerability (4.16.38)

Severity

High

Classification

CVE-2007-4184 CVE-2007-4185 CWE-89 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update