• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Joomla! Multiple Security Vulnerabilities

Joomla! is prone to multiple security vulnerabilities, including varius cross-site scripting, code-injection, input-validation, and access-control-bypass issues. These issues are caused by design and configuration weaknesseses and by a failure in the application to properly sanitize user-supplied input in several cases.

A number of these issues may have already been documented in other BIDs.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, inject arbitrary hostile code, or even exploit vulnerabilities in the underlying system or database implementation. Presumably, some of these issues may facilitate remote unauthorized access. Other attacks are also possible.

All versions of Joomla! prior to version 1.0.11 are vulnerable to these issues. Updates are available.