PT-2013-3144 · Open Source Matters · Joomla!

Egix

Published

2013-02-13

Updated

2017-08-29

CVE-2013-1453

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Joomla! versions 2.5.x through 2.5.8 Joomla! versions 3.0.x through 3.0.2

Description The issue allows attackers to unserialize arbitrary PHP objects, which can lead to obtaining sensitive information, deleting arbitrary directories, conducting SQL injection attacks, and possibly having other impacts. This is achieved via the highlight parameter.

Recommendations For Joomla! versions 2.5.x through 2.5.8, update to a version outside of this range to resolve the issue. For Joomla! versions 3.0.x through 3.0.2, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the highlight parameter in the affected highlight.php file until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2013-1453

Affected Products

Joomla!

PT-2013-3144 · Open Source Matters · Joomla!

CVE-2013-1453

Related Identifiers

Affected Products

References · 7