Description

Joomla! Core is prone to multiple vulnerabilities, including security bypass, SQL injection, information disclosure and denial of service vulnerabilities. Exploiting these issues could allow an attacker to bypass intended access restrictions and perform otherwise restricted actions, to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to obtain sensitive information that may help in launching further attacks or to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.7 are vulnerable.

Remediation

Update to Joomla! Core version 1.0.8 or latest

References

http://www.securityfocus.com/archive/1/archive/1/426538/100/0/threaded

https://www.joomla.org/announcements/release-news/940-joomla-108-released.html

Related Vulnerabilities

Joomla! Core 1.5.x Session Fixation (1.5.0 - 1.5.15)

WordPress Plugin Beautiful Stat Counter for WordPress-Everest Counter Lite includes Backdoor [Only if downloaded via the vendor website] (2.0.7)

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10321)

WordPress Plugin Export Users to CSV CSV Injection (1.4.2)

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12386)

Severity

High

Classification

CVE-2006-1027 CVE-2006-1028 CVE-2006-1029 CVE-2006-1048 CVE-2006-1049 CWE-89 CWE-200 CWE-264 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update