Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla! Core 3.x.x Prototype Pollution (3.0.0 - 3.9.4)

Description

Joomla! Core is prone to a prototype pollution vulnerability. Exploiting this issue may allow attackers to add or modify existing properties of an "Object", when controlling part of it's structure. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.9.4 are vulnerable.

Remediation

Update to Joomla! Core version 3.9.5 or latest

References

https://developer.joomla.org/security-centre/779-20190403-core-object-prototype-pollution-in-jquery-extend.html

Related Vulnerabilities

WordPress Plugin Disc Golf Manager PHP Object Injection (1.0.0)

PHP hangs on parsing particular strings as floating point number

Ruby Inefficient Regular Expression Complexity Vulnerability (CVE-2023-28756)

phpMyFAQ Business Logic Errors Vulnerability (CVE-2023-1887)

Rukovoditel Cross-site Scripting (XSS) Vulnerability (CVE-2019-7541)

Severity

High

Classification

CVE-2019-11358 CWE-610 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update