Description

Joomla! Core is prone to a variable injection vulnerability. Exploiting this issue may allow attackers to inject unwanted characters into returned data; other attacks with unspecified impact are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.6 are vulnerable.

Remediation

Update to Joomla! Core version 1.5.7 or latest

References

https://developer.joomla.org/security-centre/271-20080901-core-jrequest-variable-injection.html

Related Vulnerabilities

Oracle Database Server CVE-2010-0870 Vulnerability (CVE-2010-0870)

WordPress Plugin Post video players, slideshow albums, photo galleries and music/podcast playlist Cross-Site Scripting (1.136)

Moodle Other Vulnerability (CVE-2005-3649)

OpenSSL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2010-5298)

GlassFish CVE-2016-3607 Vulnerability (CVE-2016-3607)

Severity

High

Classification

CVE-2008-4105 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update