Description

Joomla! Core is prone to a spam vulnerability. Exploiting this issue may allow attackers to send spam through the affected website. Joomla! Core version 1.6.0 is vulnerable.

Remediation

Update to Joomla! Core version 1.6.1 or latest

References

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=24288

https://www.exploit-db.com/exploits/15979/

https://www.joomla.org/announcements/release-news/5350-joomla-161-released.html

Related Vulnerabilities

WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)

WordPress Plugin WordPress Meta Robots SQL Injection (2.1)

PHP Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2004-0594)

WordPress Plugin GoDaddy Email Marketing Cross-Site Request Forgery (1.1.2)

WordPress Plugin Multilanguage by BestWebSoft Cross-Site Scripting (1.2.1)

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update